Adding EnableSecureBoot functionality (#5899)

* rebase merge * Sanity fixes * Optimizing code as suggested by PR comments * Optimizing code as suggested by PR comments * PR comment changes * Adding changelog fragment * Update changelogs/fragments/5899-adding-enablesecureboot-functionality-to-redfish-config.yml Agreed Co-authored-by: Felix Fontein <felix@fontein.de> --------- Co-authored-by: Kushal <t-s.kushal@hpe.com> Co-authored-by: Felix Fontein <felix@fontein.de>
2024-09-14 20:13:21 +02:00 · 2023-02-17 17:54:35 +05:30 · 2023-02-17 17:54:35 +05:30 · 71d74a7960
commit 71d74a7960
parent 49e3da3646
3 changed files with 35 additions and 2 deletions
--- a/changelogs/fragments/5899-adding-enablesecureboot-functionality-to-redfish-config.yml
+++ b/changelogs/fragments/5899-adding-enablesecureboot-functionality-to-redfish-config.yml
@ -0,0 +1,2 @@
+minor_changes:
+  - redfish_command - adding ``EnableSecureBoot`` functionality (https://github.com/ansible-collections/community.general/pull/5899).
--- a/plugins/module_utils/redfish_utils.py
+++ b/plugins/module_utils/redfish_utils.py
@ -3198,3 +3198,22 @@ class RedfishUtils(object):
            "changed": False,
            "msg": "BIOS verification completed"
        }
+
+    def enable_secure_boot(self):
+        # This function enable Secure Boot on an OOB controller
+
+        response = self.get_request(self.root_uri + self.systems_uri)
+        if response["ret"] is False:
+            return response
+
+        server_details = response["data"]
+        secure_boot_url = server_details["SecureBoot"]["@odata.id"]
+
+        response = self.get_request(self.root_uri + secure_boot_url)
+        if response["ret"] is False:
+            return response
+
+        body = {}
+        body["SecureBootEnable"] = True
+
+        return self.patch_request(self.root_uri + secure_boot_url, body, check_pyld=True)
--- a/plugins/modules/redfish_config.py
+++ b/plugins/modules/redfish_config.py
@ -124,7 +124,9 @@ options:
    default: {}
    version_added: '5.7.0'

-author: "Jose Delarosa (@jose-delarosa)"
+author:
+  - "Jose Delarosa (@jose-delarosa)"
+  - "T S Kushal (@TSKushal)"
 '''

 EXAMPLES = '''
@ -255,6 +257,14 @@ EXAMPLES = '''
      baseuri: "{{ baseuri }}"
      username: "{{ username }}"
      password: "{{ password }}"
+
+  - name: Enable SecureBoot
+    community.general.redfish_config:
+      category: Systems
+      command: EnableSecureBoot
+      baseuri: "{{ baseuri }}"
+      username: "{{ username }}"
+      password: "{{ password }}"
 '''

 RETURN = '''
@ -273,7 +283,7 @@ from ansible.module_utils.common.text.converters import to_native
 # More will be added as module features are expanded
 CATEGORY_COMMANDS_ALL = {
    "Systems": ["SetBiosDefaultSettings", "SetBiosAttributes", "SetBootOrder",
-                "SetDefaultBootOrder"],
+                "SetDefaultBootOrder", "EnableSecureBoot"],
    "Manager": ["SetNetworkProtocols", "SetManagerNic", "SetHostInterface"],
    "Sessions": ["SetSessionService"],
 }
@ -386,6 +396,8 @@ def main():
                result = rf_utils.set_boot_order(boot_order)
            elif command == "SetDefaultBootOrder":
                result = rf_utils.set_default_boot_order()
+            elif command == "EnableSecureBoot":
+                result = rf_utils.enable_secure_boot()

    elif category == "Manager":
        # execute only if we find a Manager service resource