From 63f45987375da7b42afadeb30378a51f211e81c1 Mon Sep 17 00:00:00 2001 From: Felix Fontein Date: Fri, 17 Sep 2021 19:35:43 +0200 Subject: [PATCH] acme_challenge_cert_helper: fail better to avoid crashes in Ansible (#282) * Prevent acme_challenge_cert_helper triggering a bug in Ansible. * Add changelog fragment. --- .../fragments/282-acme_challenge_cert_helper-error.yml | 2 ++ plugins/modules/acme_challenge_cert_helper.py | 5 ++++- 2 files changed, 6 insertions(+), 1 deletion(-) create mode 100644 changelogs/fragments/282-acme_challenge_cert_helper-error.yml diff --git a/changelogs/fragments/282-acme_challenge_cert_helper-error.yml b/changelogs/fragments/282-acme_challenge_cert_helper-error.yml new file mode 100644 index 00000000..40de4120 --- /dev/null +++ b/changelogs/fragments/282-acme_challenge_cert_helper-error.yml @@ -0,0 +1,2 @@ +bugfixes: +- "acme_challenge_cert_helper - only return exception when cryptography is not installed, not when a too old version of it is installed. This prevents Ansible's callback to crash (https://github.com/ansible-collections/community.crypto/pull/281)." diff --git a/plugins/modules/acme_challenge_cert_helper.py b/plugins/modules/acme_challenge_cert_helper.py index 5db1b17d..93b765eb 100644 --- a/plugins/modules/acme_challenge_cert_helper.py +++ b/plugins/modules/acme_challenge_cert_helper.py @@ -202,7 +202,10 @@ def main(): ), ) if not HAS_CRYPTOGRAPHY: - module.fail_json(msg=missing_required_lib('cryptography >= 1.3'), exception=CRYPTOGRAPHY_IMP_ERR) + # Some callbacks die when exception is provided with value None + if CRYPTOGRAPHY_IMP_ERR: + module.fail_json(msg=missing_required_lib('cryptography >= 1.3'), exception=CRYPTOGRAPHY_IMP_ERR) + module.fail_json(msg=missing_required_lib('cryptography >= 1.3')) try: # Get parameters