From a22fb928a53e044d34aa8bbd5e2a4e8f4c37f933 Mon Sep 17 00:00:00 2001
From: Nathaniel Case
Date: Wed, 29 Sep 2021 16:20:10 -0400
Subject: [PATCH] netconf - handle import error when running in FIPS mode (#73992) (#75706)
* Handle netconf plugin ncclient import error when running in FIPS mode
* While running in FIPS mode importing ncclient result in InternalError raised by cryptography
* Refer https://github.com/ansible/ansible/pull/65477
(cherry picked from commit d8bf4206e446c45ba057e85819278cef5fbeff2c)
Co-authored-by: Ganesh Nalawade
---
 changelogs/fragments/fips-ncclient-import-error.yaml | 2 ++
 lib/ansible/plugins/netconf/__init__.py | 5 ++++-
 2 files changed, 6 insertions(+), 1 deletion(-)
 create mode 100644 changelogs/fragments/fips-ncclient-import-error.yaml
diff --git a/changelogs/fragments/fips-ncclient-import-error.yaml b/changelogs/fragments/fips-ncclient-import-error.yaml
new file mode 100644
index 00000000000..5a906d5be6c
--- /dev/null
+++ b/changelogs/fragments/fips-ncclient-import-error.yaml
@@ -0,0 +1,2 @@
+bugfixes:
+ - netconf - catch and handle exception to prevent stack trace when running in FIPS mode
diff --git a/lib/ansible/plugins/netconf/__init__.py b/lib/ansible/plugins/netconf/__init__.py
index 95442e60e96..36d082b2c86 100644
--- a/lib/ansible/plugins/netconf/__init__.py
+++ b/lib/ansible/plugins/netconf/__init__.py
@@ -32,7 +32,10 @@ try:
 from ncclient.xml_ import to_xml, to_ele, NCElement
 HAS_NCCLIENT = True
 NCCLIENT_IMP_ERR = None
-except (ImportError, AttributeError) as err: # paramiko and gssapi are incompatible and raise AttributeError not ImportError
+# paramiko and gssapi are incompatible and raise AttributeError not ImportError
+# When running in FIPS mode, cryptography raises InternalError
+# https://bugzilla.redhat.com/show_bug.cgi?id=1778939
+except Exception as err:
 HAS_NCCLIENT = False
 NCCLIENT_IMP_ERR = err
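Review bot: In the `lib/ansible/plugins/netconf/__init__.py` hunk, `except Exception as err:` now absorbs every failure raised while importing ncclient, not only the paramiko/gssapi `AttributeError` and the FIPS-mode `InternalError` named in the new comments. An unrelated defect in the import chain therefore ends up looking the same as a missing package. The handler only stores the exception in `NCCLIENT_IMP_ERR`, so the code that checks `HAS_NCCLIENT` (not visible in this hunk) should include that stored error in its failure message; otherwise an operator on a FIPS host presumably cannot tell a crypto-policy rejection from an absent dependency. I would also record the intent next to the handler, e.g. `# broad on purpose: the exception type comes from an optional dependency; the original error is kept in NCCLIENT_IMP_ERR for reporting`. The `try:` statement itself starts just above the hunk.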