Siim Põder added a comment - 25/Oct/14 21:47 - edited I had fixed this locally and noticed the patch: diff --git a/libcloud/common/google.py b/libcloud/common/google.py index 52692e6..5583334 100644 --- a/libcloud/common/google.py +++ b/libcloud/common/google.py @@ -78,7 +78,7 @@ import os import socket import sys -from libcloud.utils.py3 import httplib, urlencode, urlparse, PY3 +from libcloud.utils.py3 import b, httplib, urlencode, urlparse, PY3 from libcloud.common.base import (ConnectionUserAndKey, JsonResponse, PollingConnection) from libcloud.common.types import (ProviderError, @@ -425,7 +425,7 @@ class GoogleServiceAcctAuthConnection(GoogleBaseAuthConnection): """ # The header is always the same header = {'alg': 'RS256', 'typ': 'JWT'} - header_enc = base64.urlsafe_b64encode(json.dumps(header)) + header_enc = base64.urlsafe_b64encode(b(json.dumps(header))) # Construct a claim set claim_set = {'iss': self.user_id, @@ -433,10 +433,10 @@ class GoogleServiceAcctAuthConnection(GoogleBaseAuthConnection): 'aud': 'https: //accounts.google.com/o/oauth2/token', 'exp': int (time.time()) + 3600, 'iat': int (time.time())} - claim_set_enc = base64.urlsafe_b64encode(json.dumps(claim_set)) + claim_set_enc = base64.urlsafe_b64encode(b(json.dumps(claim_set))) # The message contains both the header and claim set - message = '%s.%s' % (header_enc, claim_set_enc) + message = b'.'.join((header_enc, claim_set_enc)) # Then the message is signed using the key supplied key = RSA.importKey(self.key) hash_func = SHA256. new (message) @@ -444,7 +444,7 @@ class GoogleServiceAcctAuthConnection(GoogleBaseAuthConnection): signature = base64.urlsafe_b64encode(signer.sign(hash_func)) # Finally the message and signature are sent to get a token - jwt = '%s.%s' % (message, signature) + jwt = b'.'.join((message, signature)) request = {'grant_type': 'urn:ietf:params:oauth:grant-type:jwt-bearer', 'assertion': jwt}

Tomaz Muraus added a comment - 26/Oct/14 13:25 First of all, good catch. Second, can you please open a pull request with your changes? It will be easier to comment on the diff. In general, I think the changes look OK, but they need some tests and testing. I need to double check if SHA256 takes bytes or string. If it takes a string, we will also need to call ".decode('utf-8') on header_enc variable, etc...

Tomaz Muraus added a comment - 28/Oct/14 14:01 /cc Eric Johnson

Siim Põder added a comment - 01/Nov/14 18:53 I'll need to get approval (which is not a problem but takes a few days) to properly submit patches. I also have not tried this with python2 nor looked at any contributing guidelines.

Eric Johnson added a comment - 30/Dec/14 20:47 Hi Siim, Any progress on approvals and a patch to fix this? If you'd prefer, I can take what you've started and see about getting it added. Happy to go either way here. Thanks! Eric

Eric Johnson added a comment - 23/Jan/15 22:45 Hi Siim, In case you didn't catch the github notice, I included your fix in https://github.com/apache/libcloud/pull/438 since I needed to update the driver for the new JSON private key format. Hope you don't mind! If you do, please let me know and I'll pull that part out so you can submit the patch. Cheers, Eric

ASF subversion and git services added a comment - 26/Jan/15 15:43 Commit ab7d07bd4e7197c275a926de8d9639de9bc234a6 in libcloud's branch refs/heads/trunk from Eric Johnson [ https://git-wip-us.apache.org/repos/asf?p=libcloud.git;h=ab7d07b ] [google compute] Add support for JSON private key format Closes #438 Closes LIBCLOUD-627 Closes LIBCLOUD-657 Signed-off-by: Eric Johnson <erjohnso@google.com>