netconf - handle import error when running in FIPS mode (#73992) (#75707)

* Handle netconf plugin ncclient import error when running in FIPS mode

*  While running in FIPS mode importing ncclient result in
   InternalError raised by cryptography
*  Refer https://github.com/ansible/ansible/pull/65477

(cherry picked from commit d8bf4206e446c45ba057e85819278cef5fbeff2c)

Co-authored-by: Ganesh Nalawade <ganesh634@gmail.com>

2 files changed, 6 insertions, 1 deletions

diff --git a/changelogs/fragments/fips-ncclient-import-error.yaml b/changelogs/fragments/fips-ncclient-import-error.yaml
new file mode 100644
index 0000000000..5a906d5be6
--- /dev/null
+++ b/changelogs/fragments/fips-ncclient-import-error.yaml
@@ -0,0 +1,2 @@
+bugfixes:
+  - netconf - catch and handle exception to prevent stack trace when running in FIPS mode
diff --git a/lib/ansible/plugins/netconf/__init__.py b/lib/ansible/plugins/netconf/__init__.py
index d25f4d3598..07b7f64ff1 100644
--- a/lib/ansible/plugins/netconf/__init__.py
+++ b/lib/ansible/plugins/netconf/__init__.py
@@ -32,7 +32,10 @@ try:
     from ncclient.xml_ import to_xml, to_ele, NCElement
     HAS_NCCLIENT = True
     NCCLIENT_IMP_ERR = None
-except (ImportError, AttributeError) as err:  # paramiko and gssapi are incompatible and raise AttributeError not ImportError
+# paramiko and gssapi are incompatible and raise AttributeError not ImportError
+# When running in FIPS mode, cryptography raises InternalError
+# https://bugzilla.redhat.com/show_bug.cgi?id=1778939
+except Exception as err:
     HAS_NCCLIENT = False
     NCCLIENT_IMP_ERR = err