Enable Custom Cipher Selection for Redfish Modules (#8533)

* Enable custom cipher selection for redfish modules Signed-off-by: David Ehrman <dlehrman@liberty.edu> * Add changelog fragment Signed-off-by: David Ehrman <dlehrman@liberty.edu> * Added version_added to the ciphers option in redfish modules Signed-off-by: David Ehrman <dlehrman@liberty.edu> --------- Signed-off-by: David Ehrman <dlehrman@liberty.edu>
2025-07-09 23:00:02 -07:00 · 2024-06-20 15:03:28 -04:00 · 2024-06-20 15:03:28 -04:00 · 0d50131d5e
commit 0d50131d5e
parent 60ba7cab93
5 changed files with 63 additions and 10 deletions
--- a/plugins/modules/redfish_command.py
+++ b/plugins/modules/redfish_command.py
@ -302,6 +302,17 @@ options:
    type: int
    default: 120
    version_added: 9.1.0
+  ciphers:
+    required: false
+    description:
+      - SSL/TLS Ciphers to use for the request.
+      - 'When a list is provided, all ciphers are joined in order with V(:).'
+      - See the L(OpenSSL Cipher List Format,https://www.openssl.org/docs/manmaster/man1/openssl-ciphers.html#CIPHER-LIST-FORMAT)
+        for more details.
+      - The available ciphers is dependent on the Python and OpenSSL/LibreSSL versions.
+    type: list
+    elements: str
+    version_added: 9.2.0

 author:
  - "Jose Delarosa (@jose-delarosa)"
@ -868,6 +879,7 @@ def main():
            bios_attributes=dict(type="dict"),
            wait=dict(type='bool', default=False),
            wait_timeout=dict(type='int', default=120),
+            ciphers=dict(type='list', elements='str'),
        ),
        required_together=[
            ('username', 'password'),
@ -936,10 +948,14 @@ def main():
    # BIOS Attributes options
    bios_attributes = module.params['bios_attributes']

+    # ciphers
+    ciphers = module.params['ciphers']
+
    # Build root URI
    root_uri = "https://" + module.params['baseuri']
    rf_utils = RedfishUtils(creds, root_uri, timeout, module,
-                            resource_id=resource_id, data_modification=True, strip_etag_quotes=strip_etag_quotes)
+                            resource_id=resource_id, data_modification=True, strip_etag_quotes=strip_etag_quotes,
+                            ciphers=ciphers)

    # Check that Category is valid
    if category not in CATEGORY_COMMANDS_ALL:
--- a/plugins/modules/redfish_config.py
+++ b/plugins/modules/redfish_config.py
@ -167,6 +167,18 @@ options:
    type: dict
    default: {}
    version_added: '7.5.0'
+  ciphers:
+    required: false
+    description:
+      - SSL/TLS Ciphers to use for the request.
+      - 'When a list is provided, all ciphers are joined in order with V(:).'
+      - See the L(OpenSSL Cipher List Format,https://www.openssl.org/docs/manmaster/man1/openssl-ciphers.html#CIPHER-LIST-FORMAT)
+        for more details.
+      - The available ciphers is dependent on the Python and OpenSSL/LibreSSL versions.
+    type: list
+    elements: str
+    version_added: 9.2.0
+
 author:
  - "Jose Delarosa (@jose-delarosa)"
  - "T S Kushal (@TSKushal)"
@ -405,7 +417,8 @@ def main():
            storage_subsystem_id=dict(type='str', default=''),
            volume_ids=dict(type='list', default=[], elements='str'),
            secure_boot_enable=dict(type='bool', default=True),
-            volume_details=dict(type='dict', default={})
+            volume_details=dict(type='dict', default={}),
+            ciphers=dict(type='list', elements='str'),
        ),
        required_together=[
            ('username', 'password'),
@ -469,10 +482,14 @@ def main():
    volume_details = module.params['volume_details']
    storage_subsystem_id = module.params['storage_subsystem_id']

+    # ciphers
+    ciphers = module.params['ciphers']
+
    # Build root URI
    root_uri = "https://" + module.params['baseuri']
    rf_utils = RedfishUtils(creds, root_uri, timeout, module,
-                            resource_id=resource_id, data_modification=True, strip_etag_quotes=strip_etag_quotes)
+                            resource_id=resource_id, data_modification=True, strip_etag_quotes=strip_etag_quotes,
+                            ciphers=ciphers)

    # Check that Category is valid
    if category not in CATEGORY_COMMANDS_ALL:
--- a/plugins/modules/redfish_info.py
+++ b/plugins/modules/redfish_info.py
@ -73,6 +73,17 @@ options:
      - Handle to check the status of an update in progress.
    type: str
    version_added: '6.1.0'
+  ciphers:
+    required: false
+    description:
+      - SSL/TLS Ciphers to use for the request.
+      - 'When a list is provided, all ciphers are joined in order with V(:).'
+      - See the L(OpenSSL Cipher List Format,https://www.openssl.org/docs/manmaster/man1/openssl-ciphers.html#CIPHER-LIST-FORMAT)
+        for more details.
+      - The available ciphers is dependent on the Python and OpenSSL/LibreSSL versions.
+    type: list
+    elements: str
+    version_added: 9.2.0

 author: "Jose Delarosa (@jose-delarosa)"
 '''
@ -423,6 +434,7 @@ def main():
            timeout=dict(type='int', default=60),
            update_handle=dict(),
            manager=dict(),
+            ciphers=dict(type='list', elements='str'),
        ),
        required_together=[
            ('username', 'password'),
@ -450,9 +462,12 @@ def main():
    # manager
    manager = module.params['manager']

+    # ciphers
+    ciphers = module.params['ciphers']
+
    # Build root URI
    root_uri = "https://" + module.params['baseuri']
-    rf_utils = RedfishUtils(creds, root_uri, timeout, module)
+    rf_utils = RedfishUtils(creds, root_uri, timeout, module, ciphers=ciphers)

    # Build Category list
    if "all" in module.params['category']: