mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
Enable Custom Cipher Selection for Redfish Modules (#8533)
* Enable custom cipher selection for redfish modules Signed-off-by: David Ehrman <dlehrman@liberty.edu> * Add changelog fragment Signed-off-by: David Ehrman <dlehrman@liberty.edu> * Added version_added to the ciphers option in redfish modules Signed-off-by: David Ehrman <dlehrman@liberty.edu> --------- Signed-off-by: David Ehrman <dlehrman@liberty.edu>
This commit is contained in:
parent
60ba7cab93
commit
0d50131d5e
5 changed files with 63 additions and 10 deletions
4
changelogs/fragments/8533-add-ciphers-option.yml
Normal file
4
changelogs/fragments/8533-add-ciphers-option.yml
Normal file
|
@ -0,0 +1,4 @@
|
||||||
|
---
|
||||||
|
minor_changes:
|
||||||
|
- redfish_* modules - adds ``ciphers`` option for custom cipher selection (https://github.com/ansible-collections/community.general/pull/8533).
|
||||||
|
...
|
|
@ -42,7 +42,7 @@ FAIL_MSG = 'Issuing a data modification command without specifying the '\
|
||||||
class RedfishUtils(object):
|
class RedfishUtils(object):
|
||||||
|
|
||||||
def __init__(self, creds, root_uri, timeout, module, resource_id=None,
|
def __init__(self, creds, root_uri, timeout, module, resource_id=None,
|
||||||
data_modification=False, strip_etag_quotes=False):
|
data_modification=False, strip_etag_quotes=False, ciphers=None):
|
||||||
self.root_uri = root_uri
|
self.root_uri = root_uri
|
||||||
self.creds = creds
|
self.creds = creds
|
||||||
self.timeout = timeout
|
self.timeout = timeout
|
||||||
|
@ -53,6 +53,7 @@ class RedfishUtils(object):
|
||||||
self.resource_id = resource_id
|
self.resource_id = resource_id
|
||||||
self.data_modification = data_modification
|
self.data_modification = data_modification
|
||||||
self.strip_etag_quotes = strip_etag_quotes
|
self.strip_etag_quotes = strip_etag_quotes
|
||||||
|
self.ciphers = ciphers
|
||||||
self._vendor = None
|
self._vendor = None
|
||||||
self._init_session()
|
self._init_session()
|
||||||
|
|
||||||
|
@ -149,7 +150,7 @@ class RedfishUtils(object):
|
||||||
url_username=username, url_password=password,
|
url_username=username, url_password=password,
|
||||||
force_basic_auth=basic_auth, validate_certs=False,
|
force_basic_auth=basic_auth, validate_certs=False,
|
||||||
follow_redirects='all',
|
follow_redirects='all',
|
||||||
use_proxy=True, timeout=timeout)
|
use_proxy=True, timeout=timeout, ciphers=self.ciphers)
|
||||||
headers = dict((k.lower(), v) for (k, v) in resp.info().items())
|
headers = dict((k.lower(), v) for (k, v) in resp.info().items())
|
||||||
try:
|
try:
|
||||||
if headers.get('content-encoding') == 'gzip' and LooseVersion(ansible_version) < LooseVersion('2.14'):
|
if headers.get('content-encoding') == 'gzip' and LooseVersion(ansible_version) < LooseVersion('2.14'):
|
||||||
|
@ -199,7 +200,7 @@ class RedfishUtils(object):
|
||||||
url_username=username, url_password=password,
|
url_username=username, url_password=password,
|
||||||
force_basic_auth=basic_auth, validate_certs=False,
|
force_basic_auth=basic_auth, validate_certs=False,
|
||||||
follow_redirects='all',
|
follow_redirects='all',
|
||||||
use_proxy=True, timeout=self.timeout)
|
use_proxy=True, timeout=self.timeout, ciphers=self.ciphers)
|
||||||
try:
|
try:
|
||||||
data = json.loads(to_native(resp.read()))
|
data = json.loads(to_native(resp.read()))
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
|
@ -253,7 +254,7 @@ class RedfishUtils(object):
|
||||||
url_username=username, url_password=password,
|
url_username=username, url_password=password,
|
||||||
force_basic_auth=basic_auth, validate_certs=False,
|
force_basic_auth=basic_auth, validate_certs=False,
|
||||||
follow_redirects='all',
|
follow_redirects='all',
|
||||||
use_proxy=True, timeout=self.timeout)
|
use_proxy=True, timeout=self.timeout, ciphers=self.ciphers)
|
||||||
except HTTPError as e:
|
except HTTPError as e:
|
||||||
msg = self._get_extended_message(e)
|
msg = self._get_extended_message(e)
|
||||||
return {'ret': False, 'changed': False,
|
return {'ret': False, 'changed': False,
|
||||||
|
@ -288,7 +289,7 @@ class RedfishUtils(object):
|
||||||
url_username=username, url_password=password,
|
url_username=username, url_password=password,
|
||||||
force_basic_auth=basic_auth, validate_certs=False,
|
force_basic_auth=basic_auth, validate_certs=False,
|
||||||
follow_redirects='all',
|
follow_redirects='all',
|
||||||
use_proxy=True, timeout=self.timeout)
|
use_proxy=True, timeout=self.timeout, ciphers=self.ciphers)
|
||||||
except HTTPError as e:
|
except HTTPError as e:
|
||||||
msg = self._get_extended_message(e)
|
msg = self._get_extended_message(e)
|
||||||
return {'ret': False,
|
return {'ret': False,
|
||||||
|
@ -314,7 +315,7 @@ class RedfishUtils(object):
|
||||||
url_username=username, url_password=password,
|
url_username=username, url_password=password,
|
||||||
force_basic_auth=basic_auth, validate_certs=False,
|
force_basic_auth=basic_auth, validate_certs=False,
|
||||||
follow_redirects='all',
|
follow_redirects='all',
|
||||||
use_proxy=True, timeout=self.timeout)
|
use_proxy=True, timeout=self.timeout, ciphers=self.ciphers)
|
||||||
except HTTPError as e:
|
except HTTPError as e:
|
||||||
msg = self._get_extended_message(e)
|
msg = self._get_extended_message(e)
|
||||||
return {'ret': False,
|
return {'ret': False,
|
||||||
|
|
|
@ -302,6 +302,17 @@ options:
|
||||||
type: int
|
type: int
|
||||||
default: 120
|
default: 120
|
||||||
version_added: 9.1.0
|
version_added: 9.1.0
|
||||||
|
ciphers:
|
||||||
|
required: false
|
||||||
|
description:
|
||||||
|
- SSL/TLS Ciphers to use for the request.
|
||||||
|
- 'When a list is provided, all ciphers are joined in order with V(:).'
|
||||||
|
- See the L(OpenSSL Cipher List Format,https://www.openssl.org/docs/manmaster/man1/openssl-ciphers.html#CIPHER-LIST-FORMAT)
|
||||||
|
for more details.
|
||||||
|
- The available ciphers is dependent on the Python and OpenSSL/LibreSSL versions.
|
||||||
|
type: list
|
||||||
|
elements: str
|
||||||
|
version_added: 9.2.0
|
||||||
|
|
||||||
author:
|
author:
|
||||||
- "Jose Delarosa (@jose-delarosa)"
|
- "Jose Delarosa (@jose-delarosa)"
|
||||||
|
@ -868,6 +879,7 @@ def main():
|
||||||
bios_attributes=dict(type="dict"),
|
bios_attributes=dict(type="dict"),
|
||||||
wait=dict(type='bool', default=False),
|
wait=dict(type='bool', default=False),
|
||||||
wait_timeout=dict(type='int', default=120),
|
wait_timeout=dict(type='int', default=120),
|
||||||
|
ciphers=dict(type='list', elements='str'),
|
||||||
),
|
),
|
||||||
required_together=[
|
required_together=[
|
||||||
('username', 'password'),
|
('username', 'password'),
|
||||||
|
@ -936,10 +948,14 @@ def main():
|
||||||
# BIOS Attributes options
|
# BIOS Attributes options
|
||||||
bios_attributes = module.params['bios_attributes']
|
bios_attributes = module.params['bios_attributes']
|
||||||
|
|
||||||
|
# ciphers
|
||||||
|
ciphers = module.params['ciphers']
|
||||||
|
|
||||||
# Build root URI
|
# Build root URI
|
||||||
root_uri = "https://" + module.params['baseuri']
|
root_uri = "https://" + module.params['baseuri']
|
||||||
rf_utils = RedfishUtils(creds, root_uri, timeout, module,
|
rf_utils = RedfishUtils(creds, root_uri, timeout, module,
|
||||||
resource_id=resource_id, data_modification=True, strip_etag_quotes=strip_etag_quotes)
|
resource_id=resource_id, data_modification=True, strip_etag_quotes=strip_etag_quotes,
|
||||||
|
ciphers=ciphers)
|
||||||
|
|
||||||
# Check that Category is valid
|
# Check that Category is valid
|
||||||
if category not in CATEGORY_COMMANDS_ALL:
|
if category not in CATEGORY_COMMANDS_ALL:
|
||||||
|
|
|
@ -167,6 +167,18 @@ options:
|
||||||
type: dict
|
type: dict
|
||||||
default: {}
|
default: {}
|
||||||
version_added: '7.5.0'
|
version_added: '7.5.0'
|
||||||
|
ciphers:
|
||||||
|
required: false
|
||||||
|
description:
|
||||||
|
- SSL/TLS Ciphers to use for the request.
|
||||||
|
- 'When a list is provided, all ciphers are joined in order with V(:).'
|
||||||
|
- See the L(OpenSSL Cipher List Format,https://www.openssl.org/docs/manmaster/man1/openssl-ciphers.html#CIPHER-LIST-FORMAT)
|
||||||
|
for more details.
|
||||||
|
- The available ciphers is dependent on the Python and OpenSSL/LibreSSL versions.
|
||||||
|
type: list
|
||||||
|
elements: str
|
||||||
|
version_added: 9.2.0
|
||||||
|
|
||||||
author:
|
author:
|
||||||
- "Jose Delarosa (@jose-delarosa)"
|
- "Jose Delarosa (@jose-delarosa)"
|
||||||
- "T S Kushal (@TSKushal)"
|
- "T S Kushal (@TSKushal)"
|
||||||
|
@ -405,7 +417,8 @@ def main():
|
||||||
storage_subsystem_id=dict(type='str', default=''),
|
storage_subsystem_id=dict(type='str', default=''),
|
||||||
volume_ids=dict(type='list', default=[], elements='str'),
|
volume_ids=dict(type='list', default=[], elements='str'),
|
||||||
secure_boot_enable=dict(type='bool', default=True),
|
secure_boot_enable=dict(type='bool', default=True),
|
||||||
volume_details=dict(type='dict', default={})
|
volume_details=dict(type='dict', default={}),
|
||||||
|
ciphers=dict(type='list', elements='str'),
|
||||||
),
|
),
|
||||||
required_together=[
|
required_together=[
|
||||||
('username', 'password'),
|
('username', 'password'),
|
||||||
|
@ -469,10 +482,14 @@ def main():
|
||||||
volume_details = module.params['volume_details']
|
volume_details = module.params['volume_details']
|
||||||
storage_subsystem_id = module.params['storage_subsystem_id']
|
storage_subsystem_id = module.params['storage_subsystem_id']
|
||||||
|
|
||||||
|
# ciphers
|
||||||
|
ciphers = module.params['ciphers']
|
||||||
|
|
||||||
# Build root URI
|
# Build root URI
|
||||||
root_uri = "https://" + module.params['baseuri']
|
root_uri = "https://" + module.params['baseuri']
|
||||||
rf_utils = RedfishUtils(creds, root_uri, timeout, module,
|
rf_utils = RedfishUtils(creds, root_uri, timeout, module,
|
||||||
resource_id=resource_id, data_modification=True, strip_etag_quotes=strip_etag_quotes)
|
resource_id=resource_id, data_modification=True, strip_etag_quotes=strip_etag_quotes,
|
||||||
|
ciphers=ciphers)
|
||||||
|
|
||||||
# Check that Category is valid
|
# Check that Category is valid
|
||||||
if category not in CATEGORY_COMMANDS_ALL:
|
if category not in CATEGORY_COMMANDS_ALL:
|
||||||
|
|
|
@ -73,6 +73,17 @@ options:
|
||||||
- Handle to check the status of an update in progress.
|
- Handle to check the status of an update in progress.
|
||||||
type: str
|
type: str
|
||||||
version_added: '6.1.0'
|
version_added: '6.1.0'
|
||||||
|
ciphers:
|
||||||
|
required: false
|
||||||
|
description:
|
||||||
|
- SSL/TLS Ciphers to use for the request.
|
||||||
|
- 'When a list is provided, all ciphers are joined in order with V(:).'
|
||||||
|
- See the L(OpenSSL Cipher List Format,https://www.openssl.org/docs/manmaster/man1/openssl-ciphers.html#CIPHER-LIST-FORMAT)
|
||||||
|
for more details.
|
||||||
|
- The available ciphers is dependent on the Python and OpenSSL/LibreSSL versions.
|
||||||
|
type: list
|
||||||
|
elements: str
|
||||||
|
version_added: 9.2.0
|
||||||
|
|
||||||
author: "Jose Delarosa (@jose-delarosa)"
|
author: "Jose Delarosa (@jose-delarosa)"
|
||||||
'''
|
'''
|
||||||
|
@ -423,6 +434,7 @@ def main():
|
||||||
timeout=dict(type='int', default=60),
|
timeout=dict(type='int', default=60),
|
||||||
update_handle=dict(),
|
update_handle=dict(),
|
||||||
manager=dict(),
|
manager=dict(),
|
||||||
|
ciphers=dict(type='list', elements='str'),
|
||||||
),
|
),
|
||||||
required_together=[
|
required_together=[
|
||||||
('username', 'password'),
|
('username', 'password'),
|
||||||
|
@ -450,9 +462,12 @@ def main():
|
||||||
# manager
|
# manager
|
||||||
manager = module.params['manager']
|
manager = module.params['manager']
|
||||||
|
|
||||||
|
# ciphers
|
||||||
|
ciphers = module.params['ciphers']
|
||||||
|
|
||||||
# Build root URI
|
# Build root URI
|
||||||
root_uri = "https://" + module.params['baseuri']
|
root_uri = "https://" + module.params['baseuri']
|
||||||
rf_utils = RedfishUtils(creds, root_uri, timeout, module)
|
rf_utils = RedfishUtils(creds, root_uri, timeout, module, ciphers=ciphers)
|
||||||
|
|
||||||
# Build Category list
|
# Build Category list
|
||||||
if "all" in module.params['category']:
|
if "all" in module.params['category']:
|
||||||
|
|
Loading…
Reference in a new issue