use list instead of tuple and remove md5 on ValueError (ansible#51357)

* use list instead of tuple and remove md5 on ValueError Signed-off-by: michael.sgarbossa <msgarbossa@cvs.com> * convert algorithms to list and add comment Signed-off-by: michael.sgarbossa <msgarbossa@cvs.com> * only convert to list if algorithms is not None Signed-off-by: michael.sgarbossa <msgarbossa@cvs.com> * new fragment for PR 51357 Signed-off-by: michael.sgarbossa <msgarbossa@cvs.com> * fix lint: remove blank line
samdoran · Feb 7, 2019 · c459f04 · c459f04
1 parent d40f031
commit c459f04
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 2 deletions.
diff --git a/changelogs/fragments/51357-module_utils-basic.yml b/changelogs/fragments/51357-module_utils-basic.yml
@@ -0,0 +1,3 @@
+---
+bugfixes:
+    - ansible.module_utils.basic - fix handling of md5 in algorithms tuple for FIPS compatibility (https://github.com/ansible/ansible/issues/51355)
diff --git a/lib/ansible/module_utils/basic.py b/lib/ansible/module_utils/basic.py
@@ -128,18 +128,20 @@
     for attribute in ('available_algorithms', 'algorithms'):
         algorithms = getattr(hashlib, attribute, None)
         if algorithms:
+            # convert algorithms to list instead of immutable tuple so md5 can be removed if not available
+            algorithms = list(algorithms)
             break
     if algorithms is None:
         # python 2.5+
-        algorithms = ('md5', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512')
+        algorithms = ['md5', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512']
     for algorithm in algorithms:
         AVAILABLE_HASH_ALGORITHMS[algorithm] = getattr(hashlib, algorithm)
 
     # we may have been able to import md5 but it could still not be available
     try:
         hashlib.md5()
     except ValueError:
-        algorithms.pop('md5', None)
+        algorithms.remove('md5')
 except Exception:
     import sha
     AVAILABLE_HASH_ALGORITHMS = {'sha1': sha.sha}