From 71d74a796092e912be5798e54ec034571cb6c804 Mon Sep 17 00:00:00 2001 From: TSKushal <44438079+TSKushal@users.noreply.github.com> Date: Fri, 17 Feb 2023 17:54:35 +0530 Subject: [PATCH] Adding EnableSecureBoot functionality (#5899) * rebase merge * Sanity fixes * Optimizing code as suggested by PR comments * Optimizing code as suggested by PR comments * PR comment changes * Adding changelog fragment * Update changelogs/fragments/5899-adding-enablesecureboot-functionality-to-redfish-config.yml Agreed Co-authored-by: Felix Fontein --------- Co-authored-by: Kushal Co-authored-by: Felix Fontein --- ...reboot-functionality-to-redfish-config.yml | 2 ++ plugins/module_utils/redfish_utils.py | 19 +++++++++++++++++++ plugins/modules/redfish_config.py | 16 ++++++++++++++-- 3 files changed, 35 insertions(+), 2 deletions(-) create mode 100644 changelogs/fragments/5899-adding-enablesecureboot-functionality-to-redfish-config.yml diff --git a/changelogs/fragments/5899-adding-enablesecureboot-functionality-to-redfish-config.yml b/changelogs/fragments/5899-adding-enablesecureboot-functionality-to-redfish-config.yml new file mode 100644 index 00000000000..fba75df0ebd --- /dev/null +++ b/changelogs/fragments/5899-adding-enablesecureboot-functionality-to-redfish-config.yml @@ -0,0 +1,2 @@ +minor_changes: + - redfish_command - adding ``EnableSecureBoot`` functionality (https://github.com/ansible-collections/community.general/pull/5899). diff --git a/plugins/module_utils/redfish_utils.py b/plugins/module_utils/redfish_utils.py index b7fda59a521..4803cf1ac80 100644 --- a/plugins/module_utils/redfish_utils.py +++ b/plugins/module_utils/redfish_utils.py @@ -3198,3 +3198,22 @@ def verify_bios_attributes(self, bios_attributes): "changed": False, "msg": "BIOS verification completed" } + + def enable_secure_boot(self): + # This function enable Secure Boot on an OOB controller + + response = self.get_request(self.root_uri + self.systems_uri) + if response["ret"] is False: + return response + + server_details = response["data"] + secure_boot_url = server_details["SecureBoot"]["@odata.id"] + + response = self.get_request(self.root_uri + secure_boot_url) + if response["ret"] is False: + return response + + body = {} + body["SecureBootEnable"] = True + + return self.patch_request(self.root_uri + secure_boot_url, body, check_pyld=True) diff --git a/plugins/modules/redfish_config.py b/plugins/modules/redfish_config.py index 07ac2e15880..df8cd732bd5 100644 --- a/plugins/modules/redfish_config.py +++ b/plugins/modules/redfish_config.py @@ -124,7 +124,9 @@ default: {} version_added: '5.7.0' -author: "Jose Delarosa (@jose-delarosa)" +author: + - "Jose Delarosa (@jose-delarosa)" + - "T S Kushal (@TSKushal)" ''' EXAMPLES = ''' @@ -255,6 +257,14 @@ baseuri: "{{ baseuri }}" username: "{{ username }}" password: "{{ password }}" + + - name: Enable SecureBoot + community.general.redfish_config: + category: Systems + command: EnableSecureBoot + baseuri: "{{ baseuri }}" + username: "{{ username }}" + password: "{{ password }}" ''' RETURN = ''' @@ -273,7 +283,7 @@ # More will be added as module features are expanded CATEGORY_COMMANDS_ALL = { "Systems": ["SetBiosDefaultSettings", "SetBiosAttributes", "SetBootOrder", - "SetDefaultBootOrder"], + "SetDefaultBootOrder", "EnableSecureBoot"], "Manager": ["SetNetworkProtocols", "SetManagerNic", "SetHostInterface"], "Sessions": ["SetSessionService"], } @@ -386,6 +396,8 @@ def main(): result = rf_utils.set_boot_order(boot_order) elif command == "SetDefaultBootOrder": result = rf_utils.set_default_boot_order() + elif command == "EnableSecureBoot": + result = rf_utils.enable_secure_boot() elif category == "Manager": # execute only if we find a Manager service resource