From 14c78d7cbc5aff65c6b8664e662fb6307028dae7 Mon Sep 17 00:00:00 2001
From: Nick LaMuro
Date: Mon, 16 Apr 2018 19:31:42 -0500
Subject: [PATCH] Add patch to aws-sdk-core to fix auth bug

There is a bug with the aws-sdk that prevents the API from working properly when using a proxy, and the auth for the proxy includes a special character (like a question mark: '?'). This is described here: https://github.com/aws/aws-sdk-ruby/pull/1760 Since the release of the fix is unknown, this currently monkey patches the fix to MIQ to allow it to work without it.
---
 app/models/authenticator/amazon.rb | 1 +
 .../providers/amazon/manager_mixin.rb | 2 +
 .../seahorse_client_net_http_pool_patch.rb | 44 +++++++++++++++++++
 3 files changed, 47 insertions(+)
 create mode 100644 lib/patches/aws-sdk-core/seahorse_client_net_http_pool_patch.rb

diff --git a/app/models/authenticator/amazon.rb b/app/models/authenticator/amazon.rb
index 7d3d09714..37d4646d3 100644
--- a/app/models/authenticator/amazon.rb
+++ b/app/models/authenticator/amazon.rb
@@ -130,6 +130,7 @@ def aws_connect(access_key_id, secret_access_key, service = :IAM, proxy_uri = ni
 proxy_uri ||= VMDB::Util.http_proxy_uri
 require 'aws-sdk'
+ require 'patches/aws-sdk-core/seahorse_client_net_http_pool_patch'
 Aws.const_get(service)::Resource.new(
 :access_key_id => access_key_id,
 :secret_access_key => secret_access_key,
diff --git a/app/models/manageiq/providers/amazon/manager_mixin.rb b/app/models/manageiq/providers/amazon/manager_mixin.rb
index c72e27b48..4f1e56475 100644
--- a/app/models/manageiq/providers/amazon/manager_mixin.rb
+++ b/app/models/manageiq/providers/amazon/manager_mixin.rb
@@ -50,6 +50,7 @@ module ClassMethods
 def raw_connect(access_key_id, secret_access_key, service, region, proxy_uri = nil, validate = false)
 require 'aws-sdk'
+ require 'patches/aws-sdk-core/seahorse_client_net_http_pool_patch'
 connection = Aws.const_get(service)::Resource.new(
 :access_key_id => access_key_id,
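Review bot: The patch is pulled in by a `require` inside `aws_connect` (and again inside `raw_connect` and `translate_exception` in manager_mixin.rb), so whether `start_session` is patched depends on one of these three methods having run first; any Aws client built elsewhere in the process before then, if such a path exists, would still use the unpatched proxy handling. `translate_exception` only maps error classes in the visible lines and opens no connection, so the require there looks unnecessary. I would load the patch once, next to wherever 'aws-sdk' is first required for the application, and add a comment such as `# TODO: drop once aws-sdk-core ships https://github.com/aws/aws-sdk-ruby/pull/1760`. The bodies of all three methods continue outside their hunks.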
@@ -84,6 +85,7 @@ def connection_rescue_block
 def translate_exception(err)
 require 'aws-sdk'
+ require 'patches/aws-sdk-core/seahorse_client_net_http_pool_patch'
 case err
 when Aws::EC2::Errors::SignatureDoesNotMatch
 MiqException::MiqHostError.new "SignatureMismatch - check your AWS Secret Access Key and signing method"
diff --git a/lib/patches/aws-sdk-core/seahorse_client_net_http_pool_patch.rb b/lib/patches/aws-sdk-core/seahorse_client_net_http_pool_patch.rb
new file mode 100644
index 000000000..3abca5a36
--- /dev/null
+++ b/lib/patches/aws-sdk-core/seahorse_client_net_http_pool_patch.rb
@@ -0,0 +1,44 @@
+# Autoload the connection pool
+Seahorse::Client::NetHttp::ConnectionPool
+
+module Seahorse
+ module Client
+ module NetHttp
+ class ConnectionPool
+ def start_session endpoint
+
+ endpoint = URI.parse(endpoint)
+
+ args = []
+ args << endpoint.host
+ args << endpoint.port
+ args << http_proxy.host
+ args << http_proxy.port
+ args << (http_proxy.user && CGI::unescape(http_proxy.user))
+ args << (http_proxy.password && CGI::unescape(http_proxy.password))
+
+ http = ExtendedSession.new(Net::HTTP.new(*args.compact))
+ http.set_debug_output(logger) if http_wire_trace?
+ http.open_timeout = http_open_timeout
+
+ if endpoint.scheme == 'https'
+ http.use_ssl = true
+ if ssl_verify_peer?
+ http.verify_mode = OpenSSL::SSL::VERIFY_PEER
+ http.ca_file = ssl_ca_bundle if ssl_ca_bundle
+ http.ca_path = ssl_ca_directory if ssl_ca_directory
+ http.cert_store = ssl_ca_store if ssl_ca_store
+ else
+ http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+ end
+ else
+ http.use_ssl = false
+ end
+
+ http.start
+ http
+ end
+ end
+ end
+ end
+end
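Review bot: The new seahorse_client_net_http_pool_patch.rb reopens `ConnectionPool` and replaces the whole of `start_session`, including the TLS setup (`verify_mode`, `ca_file`, `ca_path`, `cert_store`), with no check on which aws-sdk-core version is loaded, so a later gem upgrade that changes this method would be silently overridden by this copy. Since the commit message says the release of the upstream fix is unknown, I would wrap the reopening in a guard such as `if Gem.loaded_specs['aws-sdk-core'].version < Gem::Version.new('<FIXED_VERSION>')` (placeholder until the release is known) and add a header comment naming https://github.com/aws/aws-sdk-ruby/pull/1760 as the source of the copied body. Separately, `CGI::unescape` also decodes `+` as a space, so a proxy user or password containing a literal `+` would be altered unless it is written as `%2B`; that deserves a comment or a test. The file also uses `CGI` without a visible `require 'cgi'`, which presumably relies on the application having loaded it already.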