Improve import error handling for ACME modules (#519)

* Improve import error handling for ACME modules * Update plugins/module_utils/acme/acme.py Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua> Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
2022-10-17 21:38:54 +02:00 · 2022-10-17 21:38:54 +02:00 · 516be406e0
parent 1f4840ba2f
commit 516be406e0
3 changed files with 30 additions and 6 deletions
--- a/changelogs/fragments/519-acme-cryptography.yml
+++ b/changelogs/fragments/519-acme-cryptography.yml
@ -0,0 +1,2 @@
+bugfixes:
+  - "acme_* modules - improve feedback when importing ``cryptography`` does not work (https://github.com/ansible-collections/community.crypto/issues/518, https://github.com/ansible-collections/community.crypto/pull/519)."
--- a/plugins/module_utils/acme/acme.py
+++ b/plugins/module_utils/acme/acme.py
@ -27,6 +27,8 @@ from ansible_collections.community.crypto.plugins.module_utils.acme.backend_open

 from ansible_collections.community.crypto.plugins.module_utils.acme.backend_cryptography import (
    CryptographyBackend,
+    CRYPTOGRAPHY_ERROR,
+    CRYPTOGRAPHY_MINIMAL_VERSION,
    CRYPTOGRAPHY_VERSION,
    HAS_CURRENT_CRYPTOGRAPHY,
 )
@ -399,8 +401,19 @@ def create_backend(module, needs_acme_v2):

    # Create backend object
    if backend == 'cryptography':
+        if CRYPTOGRAPHY_ERROR is not None:
+            # Either we couldn't import cryptography at all, or there was an unexpected error
+            if CRYPTOGRAPHY_VERSION is None:
+                msg = missing_required_lib('cryptography')
+            else:
+                msg = 'Unexpected error while preparing cryptography: {0}'.format(CRYPTOGRAPHY_ERROR.splitlines()[-1])
+            module.fail_json(msg=msg, exception=CRYPTOGRAPHY_ERROR)
        if not HAS_CURRENT_CRYPTOGRAPHY:
-            module.fail_json(msg=missing_required_lib('cryptography'))
+            # We succeeded importing cryptography, but its version is too old.
+            module.fail_json(
+                msg='Found cryptography, but only version {0}. {1}'.format(
+                    CRYPTOGRAPHY_VERSION,
+                    missing_required_lib('cryptography >= {0}'.format(CRYPTOGRAPHY_MINIMAL_VERSION))))
        module.debug('Using cryptography backend (library version {0})'.format(CRYPTOGRAPHY_VERSION))
        module_backend = CryptographyBackend(module)
    elif backend == 'openssl':
--- a/plugins/module_utils/acme/backend_cryptography.py
+++ b/plugins/module_utils/acme/backend_cryptography.py
@ -14,6 +14,7 @@ import binascii
 import datetime
 import os
 import sys
+import traceback

 from ansible.module_utils.common.text.converters import to_bytes, to_native, to_text

@ -48,6 +49,9 @@ from ansible_collections.community.crypto.plugins.module_utils.crypto.pem import
    extract_first_pem,
 )

+CRYPTOGRAPHY_MINIMAL_VERSION = '1.5'
+
+CRYPTOGRAPHY_ERROR = None
 try:
    import cryptography
    import cryptography.hazmat.backends
@ -60,13 +64,18 @@ try:
    import cryptography.hazmat.primitives.serialization
    import cryptography.x509
    import cryptography.x509.oid
+except ImportError as dummy:
+    HAS_CURRENT_CRYPTOGRAPHY = False
+    CRYPTOGRAPHY_VERSION = None
+    CRYPTOGRAPHY_ERROR = traceback.format_exc()
+else:
    CRYPTOGRAPHY_VERSION = cryptography.__version__
-    HAS_CURRENT_CRYPTOGRAPHY = (LooseVersion(CRYPTOGRAPHY_VERSION) >= LooseVersion('1.5'))
+    HAS_CURRENT_CRYPTOGRAPHY = (LooseVersion(CRYPTOGRAPHY_VERSION) >= LooseVersion(CRYPTOGRAPHY_MINIMAL_VERSION))
+    try:
        if HAS_CURRENT_CRYPTOGRAPHY:
            _cryptography_backend = cryptography.hazmat.backends.default_backend()
    except Exception as dummy:
-    HAS_CURRENT_CRYPTOGRAPHY = False
-    CRYPTOGRAPHY_VERSION = None
+        CRYPTOGRAPHY_ERROR = traceback.format_exc()


 if sys.version_info[0] >= 3: