cmueller/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

netconf - handle import error when running in FIPS mode (#73992)

Browse source 
* Handle netconf plugin ncclient import error when running in FIPS mode

*  While running in FIPS mode importing ncclient result in
   InternalError raised by cryptography
*  Refer https://github.com/ansible/ansible/pull/65477
This commit is contained in:
Ganesh Nalawade 2021-04-19 22:11:55 +05:30 committed by GitHub
parent 325ccf22fe
commit d8bf4206e4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 6 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
changelogs/fragments/fips-ncclient-import-error.yaml Normal file
View file

@ -0,0 +1,2 @@
bugfixes:
- netconf - catch and handle exception to prevent stack trace when running in FIPS mode

5
lib/ansible/plugins/netconf/__init__.py
View file

@ -32,7 +32,10 @@ try:
from ncclient.xml_ import to_xml, to_ele, NCElement from ncclient.xml_ import to_xml, to_ele, NCElement
HAS_NCCLIENT = True HAS_NCCLIENT = True
NCCLIENT_IMP_ERR = None NCCLIENT_IMP_ERR = None
except (ImportError, AttributeError) as err: # paramiko and gssapi are incompatible and raise AttributeError not ImportError # paramiko and gssapi are incompatible and raise AttributeError not ImportError
# When running in FIPS mode, cryptography raises InternalError
# https://bugzilla.redhat.com/show_bug.cgi?id=1778939
except Exception as err:
HAS_NCCLIENT = False HAS_NCCLIENT = False
NCCLIENT_IMP_ERR = err NCCLIENT_IMP_ERR = err