From aa943fcb29c455cd6b9918479a99d660e67a7a0e Mon Sep 17 00:00:00 2001
From: Takashi Kajinami <kajinamit@oss.nttdata.com>
Date: Wed, 2 Oct 2024 18:26:30 +0900
Subject: [PATCH] Replace deprecated constant_time_compare

The method is being deprecated now[1].

[1] https://review.opendev.org/c/openstack/oslo.utils/+/930198

Closes-Bug: #2081732
Change-Id: Iae77e4fa7f6f078edc2ed3f85d98a7274757bb13
---
 nova/api/metadata/handler.py     | 3 +--
 nova/tests/unit/test_metadata.py | 2 +-
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/nova/api/metadata/handler.py b/nova/api/metadata/handler.py
index 7ec839d424..9ba010ac8e 100644
--- a/nova/api/metadata/handler.py
+++ b/nova/api/metadata/handler.py
@@ -21,7 +21,6 @@ import os
 
 from oslo_log import log as logging
 from oslo_utils import encodeutils
-from oslo_utils import secretutils as secutils
 from oslo_utils import strutils
 import webob.dec
 import webob.exc
@@ -303,7 +302,7 @@ class MetadataRequestHandler(wsgi.Application):
             encodeutils.to_utf8(requestor_id),
             hashlib.sha256).hexdigest()
         if (not signature or
-            not secutils.constant_time_compare(expected_signature, signature)):
+                not hmac.compare_digest(expected_signature, signature)):
             if requestor_id:
                 LOG.warning('X-Instance-ID-Signature: %(signature)s does '
                             'not match the expected value: '
diff --git a/nova/tests/unit/test_metadata.py b/nova/tests/unit/test_metadata.py
index 2094b276e5..e32c4e6baa 100644
--- a/nova/tests/unit/test_metadata.py
+++ b/nova/tests/unit/test_metadata.py
@@ -1152,7 +1152,7 @@ class MetadataHandlerTestCase(test.TestCase):
                                 relpath="/2009-04-04/user-data-invalid")
         self.assertEqual(response.status_int, 404)
 
-    @mock.patch('oslo_utils.secretutils.constant_time_compare')
+    @mock.patch('hmac.compare_digest')
     def test_by_instance_id_uses_constant_time_compare(self, mock_compare):
         mock_compare.side_effect = test.TestingException