Patch paramiko to work with FIPs

Applying to tobiko the same solution that was applied for tempest at [1] This is a known issue in paramiko [2] [1] https://review.opendev.org/c/openstack/tempest/+/822560 [2] https://github.com/paramiko/paramiko/issues/396 Change-Id: I27bcce74eb78af4c1bb1a57eb01d8fd5088f13ca
2024-11-26 11:53:51 +01:00 · 2024-11-26 11:53:51 +01:00 · 3ab5ad6c5d
commit 3ab5ad6c5d
parent e175e1e781
1 changed files with 17 additions and 0 deletions
--- a/tobiko/shell/ssh/_client.py
+++ b/tobiko/shell/ssh/_client.py
@ -27,6 +27,7 @@ import typing
 import netaddr
 import testtools
 from oslo_log import log
+from oslo_utils.secretutils import md5
 import paramiko
 from paramiko import common

@ -38,6 +39,22 @@ from tobiko.shell.ssh import _command
 LOG = log.getLogger(__name__)


+def get_fingerprint(self):
+    """Patch paramiko
+
+    This method needs to be patched to allow paramiko to work under FIPS.
+    Until the patch to do this merges, patch paramiko here.
+
+    TODO(eolivare) Remove this when paramiko is patched.
+    See https://github.com/paramiko/paramiko/pull/1928
+    """
+    return md5(self.asbytes(), usedforsecurity=False).digest()
+
+
+# mypy: disable-error-code="assignment"
+paramiko.pkey.PKey.get_fingerprint = get_fingerprint
+
+
 def valid_hostname(value):
    hostname = str(value)
    if not hostname: