From 3ab5ad6c5d1a722720c77cdb5d84922ef6397e07 Mon Sep 17 00:00:00 2001
From: Eduardo Olivares <eolivare@redhat.com>
Date: Tue, 26 Nov 2024 11:53:51 +0100
Subject: [PATCH] Patch paramiko to work with FIPs

Applying to tobiko the same solution that was applied for tempest at [1]
This is a known issue in paramiko [2]

[1] https://review.opendev.org/c/openstack/tempest/+/822560
[2] https://github.com/paramiko/paramiko/issues/396

Change-Id: I27bcce74eb78af4c1bb1a57eb01d8fd5088f13ca
---
 tobiko/shell/ssh/_client.py | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/tobiko/shell/ssh/_client.py b/tobiko/shell/ssh/_client.py
index b627a1f22..ed6b712b8 100644
--- a/tobiko/shell/ssh/_client.py
+++ b/tobiko/shell/ssh/_client.py
@@ -27,6 +27,7 @@ import typing
 import netaddr
 import testtools
 from oslo_log import log
+from oslo_utils.secretutils import md5
 import paramiko
 from paramiko import common
 
@@ -38,6 +39,22 @@ from tobiko.shell.ssh import _command
 LOG = log.getLogger(__name__)
 
 
+def get_fingerprint(self):
+    """Patch paramiko
+
+    This method needs to be patched to allow paramiko to work under FIPS.
+    Until the patch to do this merges, patch paramiko here.
+
+    TODO(eolivare) Remove this when paramiko is patched.
+    See https://github.com/paramiko/paramiko/pull/1928
+    """
+    return md5(self.asbytes(), usedforsecurity=False).digest()
+
+
+# mypy: disable-error-code="assignment"
+paramiko.pkey.PKey.get_fingerprint = get_fingerprint
+
+
 def valid_hostname(value):
     hostname = str(value)
     if not hostname: