From c459f040da88004b2fb0faa646cdd6530e99e2fe Mon Sep 17 00:00:00 2001
From: Mike Sgarbossa <mikeysky@gmail.com>
Date: Thu, 7 Feb 2019 09:23:11 -0700
Subject: [PATCH] use list instead of tuple and remove md5 on ValueError
 (#51357)

* use list instead of tuple and remove md5 on ValueError

Signed-off-by: michael.sgarbossa <msgarbossa@cvs.com>

* convert algorithms to list and add comment

Signed-off-by: michael.sgarbossa <msgarbossa@cvs.com>

* only convert to list if algorithms is not None

Signed-off-by: michael.sgarbossa <msgarbossa@cvs.com>

* new fragment for PR 51357

Signed-off-by: michael.sgarbossa <msgarbossa@cvs.com>

* fix lint: remove blank line
---
 changelogs/fragments/51357-module_utils-basic.yml | 3 +++
 lib/ansible/module_utils/basic.py                 | 6 ++++--
 2 files changed, 7 insertions(+), 2 deletions(-)
 create mode 100644 changelogs/fragments/51357-module_utils-basic.yml

diff --git a/changelogs/fragments/51357-module_utils-basic.yml b/changelogs/fragments/51357-module_utils-basic.yml
new file mode 100644
index 00000000000..ed7db907919
--- /dev/null
+++ b/changelogs/fragments/51357-module_utils-basic.yml
@@ -0,0 +1,3 @@
+---
+bugfixes:
+    - ansible.module_utils.basic - fix handling of md5 in algorithms tuple for FIPS compatibility (https://github.com/ansible/ansible/issues/51355)
diff --git a/lib/ansible/module_utils/basic.py b/lib/ansible/module_utils/basic.py
index 0393a2abd5e..d1856afc6d6 100644
--- a/lib/ansible/module_utils/basic.py
+++ b/lib/ansible/module_utils/basic.py
@@ -128,10 +128,12 @@ try:
     for attribute in ('available_algorithms', 'algorithms'):
         algorithms = getattr(hashlib, attribute, None)
         if algorithms:
+            # convert algorithms to list instead of immutable tuple so md5 can be removed if not available
+            algorithms = list(algorithms)
             break
     if algorithms is None:
         # python 2.5+
-        algorithms = ('md5', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512')
+        algorithms = ['md5', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512']
     for algorithm in algorithms:
         AVAILABLE_HASH_ALGORITHMS[algorithm] = getattr(hashlib, algorithm)
 
@@ -139,7 +141,7 @@ try:
     try:
         hashlib.md5()
     except ValueError:
-        algorithms.pop('md5', None)
+        algorithms.remove('md5')
 except Exception:
     import sha
     AVAILABLE_HASH_ALGORITHMS = {'sha1': sha.sha}