cmueller/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Handle InternalError raised by cryptography when running in FIPS mode (#65477)

Browse source 
Since older versions of paramiko do not require cryptography,
we cannot catch the exact exception from cryptography.

Remove other exceptions since we're catching everything now
This commit is contained in:
Sam Doran 2019-12-09 13:18:32 -05:00 committed by GitHub
parent 0b2558051c
commit d35c1a435b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 6 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
changelogs/fragments/fips-paramiko-import-error.yaml Normal file
View file

@ -0,0 +1,2 @@
bugfixes:
- paramiko - catch and handle exception to prevent stack trace when running in FIPS mode

5
lib/ansible/module_utils/compat/paramiko.py
View file

@ -10,5 +10,8 @@ PARAMIKO_IMPORT_ERR = None
paramiko = None
try:
import paramiko
except (ImportError, AttributeError) as err: # paramiko and gssapi are incompatible and raise AttributeError not ImportError
# paramiko and gssapi are incompatible and raise AttributeError not ImportError
# When running in FIPS mode, cryptography raises InternalError
# https://bugzilla.redhat.com/show_bug.cgi?id=1778939
except Exception as err:
PARAMIKO_IMPORT_ERR = err