[jira] [Created] (CLOUDSTACK-1294) default arguments in the __init__ function signature in the python API binding Cmd(...) class

Ove Everlid created CLOUDSTACK-1294: --- Summary: default arguments in the __init__ function signature in the python API binding Cmd(...) class Key: CLOUDSTACK-1294 URL: https://issues.apache.org/jira/browse

[jira] [Resolved] (CLOUDSTACK-609) [EC2 Query API] AttachVolume fails with 'Permission Denied: Invalid Signature' error.

: master > [EC2 Query API] AttachVolume fails with 'Permission Denied: Invalid > Signature' error. > - > > Key: CLOUDSTACK-609 > URL: ht

Re: Review Request: [EC2 Query API] AttachVolume fails with 'Permission Denied: Invalid Signature' error.

e.org/r/8480/ > --- > > (Updated Dec. 12, 2012, 10:31 a.m.) > > > Review request for cloudstack and Prachi Damle. > > > Description > --- > > In AWSAPI while forming the signature to validate an API, url-encode every > parameter name with UTF-8 encoding

Re: Is there a script to generate signature of an API command?

Why not just use cloudmonkey There's also https://cwiki.apache.org/confluence/display/CLOUDSTACK/Simple+class+for+mak ing+API+calls%2C+Python On 1/30/13 2:47 PM, "Kanzhe Jiang" wrote: >I wrote a simple python script to compute the signature of an API command, >but kep

Is there a script to generate signature of an API command?

I wrote a simple python script to compute the signature of an API command, but kept getting "unable to verify user credentials and/or request signature" Where in the cloudstack does the validation? Is there a handy script already? Here is my python script that use hmac python librar

Re: Re: signature

thank you very much! hj19870610 From: Gavin Lee Date: 2013-01-14 13:24 To: cloudstack-dev Subject: Re: signature Hi, CloudStack itself also has the tool for signature generating based on command and secretkey. You can get reference from: test/src/com/cloud/test/utils/UtilsForTest.java There

Re: signature

On Mon, Jan 14, 2013 at 12:24:40AM -0500, Gavin Lee wrote: > Hi, > CloudStack itself also has the tool for signature generating based on > command and secretkey. > You can get reference from: test/src/com/cloud/test/utils/UtilsForTest.java > There is a guide for CloudStack AP

Re: signature

Hi, CloudStack itself also has the tool for signature generating based on command and secretkey. You can get reference from: test/src/com/cloud/test/utils/UtilsForTest.java There is a guide for CloudStack API (Chinese only): http://www.cloudstack-china.org/2012/12/1465.html On Mon, Jan 14, 2013

Re: signature

Hi: Please refer to the document : CloudStack Developer's Guide and take a look to chapter 4. Regards Isaac On M

signature

hello: Cloud you tell me hou can I create a signature using API Key and Secret Key ?Thank you very much! hj19870610

[jira] [Updated] (CLOUDSTACK-609) [EC2 Query API] AttachVolume fails with 'Permission Denied: Invalid Signature' error.

valid Signature' error. (was: AttachVolume fails with 'Permission Denied: Invalid Signature' error.) > [EC2 Query API] AttachVolume fails with 'Permission Denied: Invalid > Signature' error. > --

[jira] [Updated] (CLOUDSTACK-609) AttachVolume fails with 'Permission Denied: Invalid Signature' error.

ume fails with 'Permission Denied: Invalid Signature' error. > - > > Key: CLOUDSTACK-609 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-609 > Project:

Re: Review Request: [EC2 Query API] AttachVolume fails with 'Permission Denied: Invalid Signature' error.

Damle. Changes --- Updating the bug-id Description --- In AWSAPI while forming the signature to validate an API, url-encode every parameter name with UTF-8 encoding scheme. This addresses bug CLOUDSTACK-609. Diffs - awsapi/src/com/cloud/bridge/service/EC2RestServlet.java

[jira] [Created] (CLOUDSTACK-609) AttachVolume fails with 'Permission Denied: Invalid Signature' error.

Likitha Shetty created CLOUDSTACK-609: - Summary: AttachVolume fails with 'Permission Denied: Invalid Signature' error. Key: CLOUDSTACK-609 URL: https://issues.apache.org/jira/browse/CLOU

Review Request: [EC2 Query API] AttachVolume fails with 'Permission Denied: Invalid Signature' error.

while forming the signature to validate an API, url-encode every parameter name with UTF-8 encoding scheme. This addresses bug CLOUDSTACK-197. Diffs - awsapi/src/com/cloud/bridge/service/EC2RestServlet.java 4f74873 Diff: https://reviews.apache.org/r/8480/diff/ Testing --- After

Re: About cloud-scripts-signature in System VM .

After over all > > listing files about scripts of cloudstack , I find a file named : > > > > *cloud-scripts-signature* in /var/cache/cloud directory. > > > > The content in the file is just one line > > signature: 54a6f65f3ac6b7d66cf595706e9c0933. > > >

Re: About cloud-scripts-signature in System VM .

This is checked and updated in /etc/init.d/cloud-early-config On 11/27/12 11:35 PM, "田春峰" wrote: >hi all, > > >Currently , I have to do some customise jobs on system vm . After over all >listing files about scripts of cloudstack , I find a file named : > > *c

About cloud-scripts-signature in System VM .

hi all, Currently , I have to do some customise jobs on system vm . After over all listing files about scripts of cloudstack , I find a file named : *cloud-scripts-signature* in /var/cache/cloud directory. The content in the file is just one line signature

Re: API Key and Signature security flaw on CS4 - jenkins build non-oss 137

I execute without problems. I was under impression API and Signature keys *verification* is performed prior to executing a command as authenticated SSH user. Otherwise, there is no need for generating the API/Signature key pair in the UI - any key will work. It is also not good for large environ

Re: API Key and Signature security flaw on CS4 - jenkins build non-oss 137

n 10/22/12 1:25 PM, "Musayev, Ilya" wrote: > >>I c. . so the API Key and Signature generation is obsolete as well? >> >>-Original Message- >>From: Edison Su [mailto:edison...@citrix.com] >>Sent: Monday, October 22, 2012 4:16 PM >>To: clou

Re: API Key and Signature security flaw on CS4 - jenkins build non-oss 137

e API Key and Signature generation is obsolete as well? > >-Original Message- >From: Edison Su [mailto:edison...@citrix.com] >Sent: Monday, October 22, 2012 4:16 PM >To: cloudstack-dev@incubator.apache.org >Subject: RE: API Key and Signature security flaw on CS4 - jenkins build &

RE: API Key and Signature security flaw on CS4 - jenkins build non-oss 137

I c. . so the API Key and Signature generation is obsolete as well? -Original Message- From: Edison Su [mailto:edison...@citrix.com] Sent: Monday, October 22, 2012 4:16 PM To: cloudstack-dev@incubator.apache.org Subject: RE: API Key and Signature security flaw on CS4 - jenkins build non

RE: API Key and Signature security flaw on CS4 - jenkins build non-oss 137

By default, port 8096 is disabled, and is intended to be without API signature/key check. If the 8096 is turned on by yourself, then somehow, it's up to you how to secure it. > -Original Message- > From: Musayev, Ilya [mailto:imusa...@webmd.net] > Sent: Monday, October 22

API Key and Signature security flaw on CS4 - jenkins build non-oss 137

I guess I found a not so cool feature/bug which is at this moment is a major security flaw for locally authenticated ssh use or from another host on the network . The API signature and key are not checked at all - I'm able to run the commands against API port with any key - and comma