mirror of
				https://github.com/ansible-collections/community.general.git
				synced 2025-10-25 05:23:58 -07:00 
			
		
		
		
	[PR #8533/0d50131d backport][stable-9] Enable Custom Cipher Selection for Redfish Modules (#8548)
Enable Custom Cipher Selection for Redfish Modules (#8533)
* Enable custom cipher selection for redfish modules
Signed-off-by: David Ehrman <dlehrman@liberty.edu>
* Add changelog fragment
Signed-off-by: David Ehrman <dlehrman@liberty.edu>
* Added version_added to the ciphers option in redfish modules
Signed-off-by: David Ehrman <dlehrman@liberty.edu>
---------
Signed-off-by: David Ehrman <dlehrman@liberty.edu>
(cherry picked from commit 0d50131d5e)
Co-authored-by: dlehrman <dlehrman@users.noreply.github.com>
	
	
This commit is contained in:
		
					parent
					
						
							
								d823d71442
							
						
					
				
			
			
				commit
				
					
						d8807e9b51
					
				
			
		
					 5 changed files with 63 additions and 10 deletions
				
			
		
							
								
								
									
										4
									
								
								changelogs/fragments/8533-add-ciphers-option.yml
									
										
									
									
									
										Normal file
									
								
							
							
						
						
									
										4
									
								
								changelogs/fragments/8533-add-ciphers-option.yml
									
										
									
									
									
										Normal file
									
								
							|  | @ -0,0 +1,4 @@ | |||
| --- | ||||
| minor_changes: | ||||
|   - redfish_* modules - adds ``ciphers`` option for custom cipher selection (https://github.com/ansible-collections/community.general/pull/8533). | ||||
| ... | ||||
|  | @ -42,7 +42,7 @@ FAIL_MSG = 'Issuing a data modification command without specifying the '\ | |||
| class RedfishUtils(object): | ||||
| 
 | ||||
|     def __init__(self, creds, root_uri, timeout, module, resource_id=None, | ||||
|                  data_modification=False, strip_etag_quotes=False): | ||||
|                  data_modification=False, strip_etag_quotes=False, ciphers=None): | ||||
|         self.root_uri = root_uri | ||||
|         self.creds = creds | ||||
|         self.timeout = timeout | ||||
|  | @ -53,6 +53,7 @@ class RedfishUtils(object): | |||
|         self.resource_id = resource_id | ||||
|         self.data_modification = data_modification | ||||
|         self.strip_etag_quotes = strip_etag_quotes | ||||
|         self.ciphers = ciphers | ||||
|         self._vendor = None | ||||
|         self._init_session() | ||||
| 
 | ||||
|  | @ -149,7 +150,7 @@ class RedfishUtils(object): | |||
|                             url_username=username, url_password=password, | ||||
|                             force_basic_auth=basic_auth, validate_certs=False, | ||||
|                             follow_redirects='all', | ||||
|                             use_proxy=True, timeout=timeout) | ||||
|                             use_proxy=True, timeout=timeout, ciphers=self.ciphers) | ||||
|             headers = dict((k.lower(), v) for (k, v) in resp.info().items()) | ||||
|             try: | ||||
|                 if headers.get('content-encoding') == 'gzip' and LooseVersion(ansible_version) < LooseVersion('2.14'): | ||||
|  | @ -199,7 +200,7 @@ class RedfishUtils(object): | |||
|                             url_username=username, url_password=password, | ||||
|                             force_basic_auth=basic_auth, validate_certs=False, | ||||
|                             follow_redirects='all', | ||||
|                             use_proxy=True, timeout=self.timeout) | ||||
|                             use_proxy=True, timeout=self.timeout, ciphers=self.ciphers) | ||||
|             try: | ||||
|                 data = json.loads(to_native(resp.read())) | ||||
|             except Exception as e: | ||||
|  | @ -253,7 +254,7 @@ class RedfishUtils(object): | |||
|                             url_username=username, url_password=password, | ||||
|                             force_basic_auth=basic_auth, validate_certs=False, | ||||
|                             follow_redirects='all', | ||||
|                             use_proxy=True, timeout=self.timeout) | ||||
|                             use_proxy=True, timeout=self.timeout, ciphers=self.ciphers) | ||||
|         except HTTPError as e: | ||||
|             msg = self._get_extended_message(e) | ||||
|             return {'ret': False, 'changed': False, | ||||
|  | @ -288,7 +289,7 @@ class RedfishUtils(object): | |||
|                             url_username=username, url_password=password, | ||||
|                             force_basic_auth=basic_auth, validate_certs=False, | ||||
|                             follow_redirects='all', | ||||
|                             use_proxy=True, timeout=self.timeout) | ||||
|                             use_proxy=True, timeout=self.timeout, ciphers=self.ciphers) | ||||
|         except HTTPError as e: | ||||
|             msg = self._get_extended_message(e) | ||||
|             return {'ret': False, | ||||
|  | @ -314,7 +315,7 @@ class RedfishUtils(object): | |||
|                             url_username=username, url_password=password, | ||||
|                             force_basic_auth=basic_auth, validate_certs=False, | ||||
|                             follow_redirects='all', | ||||
|                             use_proxy=True, timeout=self.timeout) | ||||
|                             use_proxy=True, timeout=self.timeout, ciphers=self.ciphers) | ||||
|         except HTTPError as e: | ||||
|             msg = self._get_extended_message(e) | ||||
|             return {'ret': False, | ||||
|  |  | |||
|  | @ -302,6 +302,17 @@ options: | |||
|     type: int | ||||
|     default: 120 | ||||
|     version_added: 9.1.0 | ||||
|   ciphers: | ||||
|     required: false | ||||
|     description: | ||||
|       - SSL/TLS Ciphers to use for the request. | ||||
|       - 'When a list is provided, all ciphers are joined in order with V(:).' | ||||
|       - See the L(OpenSSL Cipher List Format,https://www.openssl.org/docs/manmaster/man1/openssl-ciphers.html#CIPHER-LIST-FORMAT) | ||||
|         for more details. | ||||
|       - The available ciphers is dependent on the Python and OpenSSL/LibreSSL versions. | ||||
|     type: list | ||||
|     elements: str | ||||
|     version_added: 9.2.0 | ||||
| 
 | ||||
| author: | ||||
|   - "Jose Delarosa (@jose-delarosa)" | ||||
|  | @ -868,6 +879,7 @@ def main(): | |||
|             bios_attributes=dict(type="dict"), | ||||
|             wait=dict(type='bool', default=False), | ||||
|             wait_timeout=dict(type='int', default=120), | ||||
|             ciphers=dict(type='list', elements='str'), | ||||
|         ), | ||||
|         required_together=[ | ||||
|             ('username', 'password'), | ||||
|  | @ -936,10 +948,14 @@ def main(): | |||
|     # BIOS Attributes options | ||||
|     bios_attributes = module.params['bios_attributes'] | ||||
| 
 | ||||
|     # ciphers | ||||
|     ciphers = module.params['ciphers'] | ||||
| 
 | ||||
|     # Build root URI | ||||
|     root_uri = "https://" + module.params['baseuri'] | ||||
|     rf_utils = RedfishUtils(creds, root_uri, timeout, module, | ||||
|                             resource_id=resource_id, data_modification=True, strip_etag_quotes=strip_etag_quotes) | ||||
|                             resource_id=resource_id, data_modification=True, strip_etag_quotes=strip_etag_quotes, | ||||
|                             ciphers=ciphers) | ||||
| 
 | ||||
|     # Check that Category is valid | ||||
|     if category not in CATEGORY_COMMANDS_ALL: | ||||
|  |  | |||
|  | @ -167,6 +167,18 @@ options: | |||
|     type: dict | ||||
|     default: {} | ||||
|     version_added: '7.5.0' | ||||
|   ciphers: | ||||
|     required: false | ||||
|     description: | ||||
|       - SSL/TLS Ciphers to use for the request. | ||||
|       - 'When a list is provided, all ciphers are joined in order with V(:).' | ||||
|       - See the L(OpenSSL Cipher List Format,https://www.openssl.org/docs/manmaster/man1/openssl-ciphers.html#CIPHER-LIST-FORMAT) | ||||
|         for more details. | ||||
|       - The available ciphers is dependent on the Python and OpenSSL/LibreSSL versions. | ||||
|     type: list | ||||
|     elements: str | ||||
|     version_added: 9.2.0 | ||||
| 
 | ||||
| author: | ||||
|   - "Jose Delarosa (@jose-delarosa)" | ||||
|   - "T S Kushal (@TSKushal)" | ||||
|  | @ -405,7 +417,8 @@ def main(): | |||
|             storage_subsystem_id=dict(type='str', default=''), | ||||
|             volume_ids=dict(type='list', default=[], elements='str'), | ||||
|             secure_boot_enable=dict(type='bool', default=True), | ||||
|             volume_details=dict(type='dict', default={}) | ||||
|             volume_details=dict(type='dict', default={}), | ||||
|             ciphers=dict(type='list', elements='str'), | ||||
|         ), | ||||
|         required_together=[ | ||||
|             ('username', 'password'), | ||||
|  | @ -469,10 +482,14 @@ def main(): | |||
|     volume_details = module.params['volume_details'] | ||||
|     storage_subsystem_id = module.params['storage_subsystem_id'] | ||||
| 
 | ||||
|     # ciphers | ||||
|     ciphers = module.params['ciphers'] | ||||
| 
 | ||||
|     # Build root URI | ||||
|     root_uri = "https://" + module.params['baseuri'] | ||||
|     rf_utils = RedfishUtils(creds, root_uri, timeout, module, | ||||
|                             resource_id=resource_id, data_modification=True, strip_etag_quotes=strip_etag_quotes) | ||||
|                             resource_id=resource_id, data_modification=True, strip_etag_quotes=strip_etag_quotes, | ||||
|                             ciphers=ciphers) | ||||
| 
 | ||||
|     # Check that Category is valid | ||||
|     if category not in CATEGORY_COMMANDS_ALL: | ||||
|  |  | |||
|  | @ -73,6 +73,17 @@ options: | |||
|       - Handle to check the status of an update in progress. | ||||
|     type: str | ||||
|     version_added: '6.1.0' | ||||
|   ciphers: | ||||
|     required: false | ||||
|     description: | ||||
|       - SSL/TLS Ciphers to use for the request. | ||||
|       - 'When a list is provided, all ciphers are joined in order with V(:).' | ||||
|       - See the L(OpenSSL Cipher List Format,https://www.openssl.org/docs/manmaster/man1/openssl-ciphers.html#CIPHER-LIST-FORMAT) | ||||
|         for more details. | ||||
|       - The available ciphers is dependent on the Python and OpenSSL/LibreSSL versions. | ||||
|     type: list | ||||
|     elements: str | ||||
|     version_added: 9.2.0 | ||||
| 
 | ||||
| author: "Jose Delarosa (@jose-delarosa)" | ||||
| ''' | ||||
|  | @ -423,6 +434,7 @@ def main(): | |||
|             timeout=dict(type='int', default=60), | ||||
|             update_handle=dict(), | ||||
|             manager=dict(), | ||||
|             ciphers=dict(type='list', elements='str'), | ||||
|         ), | ||||
|         required_together=[ | ||||
|             ('username', 'password'), | ||||
|  | @ -450,9 +462,12 @@ def main(): | |||
|     # manager | ||||
|     manager = module.params['manager'] | ||||
| 
 | ||||
|     # ciphers | ||||
|     ciphers = module.params['ciphers'] | ||||
| 
 | ||||
|     # Build root URI | ||||
|     root_uri = "https://" + module.params['baseuri'] | ||||
|     rf_utils = RedfishUtils(creds, root_uri, timeout, module) | ||||
|     rf_utils = RedfishUtils(creds, root_uri, timeout, module, ciphers=ciphers) | ||||
| 
 | ||||
|     # Build Category list | ||||
|     if "all" in module.params['category']: | ||||
|  |  | |||
		Loading…
	
	Add table
		Add a link
		
	
		Reference in a new issue