diff --git a/docs/source/modules/zhmc_adapter.rst b/docs/source/modules/zhmc_adapter.rst index a9f8fea7e..da329caab 100644 --- a/docs/source/modules/zhmc_adapter.rst +++ b/docs/source/modules/zhmc_adapter.rst @@ -56,6 +56,21 @@ hmc_auth | **type**: str + ca_certs + Path name of certificate file or certificate directory to be used for verifying the HMC certificate. If null, the path name in the 'REQUESTS_CA_BUNDLE' environment variable or the path name in the 'CURL_CA_BUNDLE' environment variable is used, or if neither of these variables is set, the certificates in the Mozilla CA Certificate List provided by the 'certifi' Python package are used for verifying the HMC certificate. + + | **required**: False + | **type**: str + + + verify + If True (default), verify the HMC certificate as specified in the ``ca_certs`` parameter. If False, ignore what is specified in the ``ca_certs`` parameter and do not verify the HMC certificate. + + | **required**: False + | **type**: bool + | **default**: True + + name The name of the target adapter. In case of renaming an adapter, this is the new name of the adapter. diff --git a/docs/source/modules/zhmc_cpc.rst b/docs/source/modules/zhmc_cpc.rst index ca7ae8fd5..16366408d 100644 --- a/docs/source/modules/zhmc_cpc.rst +++ b/docs/source/modules/zhmc_cpc.rst @@ -55,6 +55,21 @@ hmc_auth | **type**: str + ca_certs + Path name of certificate file or certificate directory to be used for verifying the HMC certificate. If null, the path name in the 'REQUESTS_CA_BUNDLE' environment variable or the path name in the 'CURL_CA_BUNDLE' environment variable is used, or if neither of these variables is set, the certificates in the Mozilla CA Certificate List provided by the 'certifi' Python package are used for verifying the HMC certificate. + + | **required**: False + | **type**: str + + + verify + If True (default), verify the HMC certificate as specified in the ``ca_certs`` parameter. If False, ignore what is specified in the ``ca_certs`` parameter and do not verify the HMC certificate. + + | **required**: False + | **type**: bool + | **default**: True + + name The name of the target CPC. diff --git a/docs/source/modules/zhmc_crypto_attachment.rst b/docs/source/modules/zhmc_crypto_attachment.rst index 3b5e0b370..06c5a3677 100644 --- a/docs/source/modules/zhmc_crypto_attachment.rst +++ b/docs/source/modules/zhmc_crypto_attachment.rst @@ -56,6 +56,21 @@ hmc_auth | **type**: str + ca_certs + Path name of certificate file or certificate directory to be used for verifying the HMC certificate. If null, the path name in the 'REQUESTS_CA_BUNDLE' environment variable or the path name in the 'CURL_CA_BUNDLE' environment variable is used, or if neither of these variables is set, the certificates in the Mozilla CA Certificate List provided by the 'certifi' Python package are used for verifying the HMC certificate. + + | **required**: False + | **type**: str + + + verify + If True (default), verify the HMC certificate as specified in the ``ca_certs`` parameter. If False, ignore what is specified in the ``ca_certs`` parameter and do not verify the HMC certificate. + + | **required**: False + | **type**: bool + | **default**: True + + cpc_name The name of the CPC that has the partition and the crypto adapters. diff --git a/docs/source/modules/zhmc_hba.rst b/docs/source/modules/zhmc_hba.rst index c282b720c..1ddf21760 100644 --- a/docs/source/modules/zhmc_hba.rst +++ b/docs/source/modules/zhmc_hba.rst @@ -55,6 +55,21 @@ hmc_auth | **type**: str + ca_certs + Path name of certificate file or certificate directory to be used for verifying the HMC certificate. If null, the path name in the 'REQUESTS_CA_BUNDLE' environment variable or the path name in the 'CURL_CA_BUNDLE' environment variable is used, or if neither of these variables is set, the certificates in the Mozilla CA Certificate List provided by the 'certifi' Python package are used for verifying the HMC certificate. + + | **required**: False + | **type**: str + + + verify + If True (default), verify the HMC certificate as specified in the ``ca_certs`` parameter. If False, ignore what is specified in the ``ca_certs`` parameter and do not verify the HMC certificate. + + | **required**: False + | **type**: bool + | **default**: True + + cpc_name The name of the CPC with the partition containing the HBA. diff --git a/docs/source/modules/zhmc_nic.rst b/docs/source/modules/zhmc_nic.rst index 00a80baa5..8f18286f1 100644 --- a/docs/source/modules/zhmc_nic.rst +++ b/docs/source/modules/zhmc_nic.rst @@ -55,6 +55,21 @@ hmc_auth | **type**: str + ca_certs + Path name of certificate file or certificate directory to be used for verifying the HMC certificate. If null, the path name in the 'REQUESTS_CA_BUNDLE' environment variable or the path name in the 'CURL_CA_BUNDLE' environment variable is used, or if neither of these variables is set, the certificates in the Mozilla CA Certificate List provided by the 'certifi' Python package are used for verifying the HMC certificate. + + | **required**: False + | **type**: str + + + verify + If True (default), verify the HMC certificate as specified in the ``ca_certs`` parameter. If False, ignore what is specified in the ``ca_certs`` parameter and do not verify the HMC certificate. + + | **required**: False + | **type**: bool + | **default**: True + + cpc_name The name of the CPC with the partition containing the NIC. diff --git a/docs/source/modules/zhmc_partition.rst b/docs/source/modules/zhmc_partition.rst index 6b8a9338f..84b04be8f 100644 --- a/docs/source/modules/zhmc_partition.rst +++ b/docs/source/modules/zhmc_partition.rst @@ -56,6 +56,21 @@ hmc_auth | **type**: str + ca_certs + Path name of certificate file or certificate directory to be used for verifying the HMC certificate. If null, the path name in the 'REQUESTS_CA_BUNDLE' environment variable or the path name in the 'CURL_CA_BUNDLE' environment variable is used, or if neither of these variables is set, the certificates in the Mozilla CA Certificate List provided by the 'certifi' Python package are used for verifying the HMC certificate. + + | **required**: False + | **type**: str + + + verify + If True (default), verify the HMC certificate as specified in the ``ca_certs`` parameter. If False, ignore what is specified in the ``ca_certs`` parameter and do not verify the HMC certificate. + + | **required**: False + | **type**: bool + | **default**: True + + cpc_name The name of the CPC with the target partition. diff --git a/docs/source/modules/zhmc_storage_group.rst b/docs/source/modules/zhmc_storage_group.rst index 1dec550a7..dced948d9 100644 --- a/docs/source/modules/zhmc_storage_group.rst +++ b/docs/source/modules/zhmc_storage_group.rst @@ -55,6 +55,21 @@ hmc_auth | **type**: str + ca_certs + Path name of certificate file or certificate directory to be used for verifying the HMC certificate. If null, the path name in the 'REQUESTS_CA_BUNDLE' environment variable or the path name in the 'CURL_CA_BUNDLE' environment variable is used, or if neither of these variables is set, the certificates in the Mozilla CA Certificate List provided by the 'certifi' Python package are used for verifying the HMC certificate. + + | **required**: False + | **type**: str + + + verify + If True (default), verify the HMC certificate as specified in the ``ca_certs`` parameter. If False, ignore what is specified in the ``ca_certs`` parameter and do not verify the HMC certificate. + + | **required**: False + | **type**: bool + | **default**: True + + cpc_name The name of the CPC associated with the target storage group. diff --git a/docs/source/modules/zhmc_storage_group_attachment.rst b/docs/source/modules/zhmc_storage_group_attachment.rst index c9dfbd2b1..42024c721 100644 --- a/docs/source/modules/zhmc_storage_group_attachment.rst +++ b/docs/source/modules/zhmc_storage_group_attachment.rst @@ -55,6 +55,21 @@ hmc_auth | **type**: str + ca_certs + Path name of certificate file or certificate directory to be used for verifying the HMC certificate. If null, the path name in the 'REQUESTS_CA_BUNDLE' environment variable or the path name in the 'CURL_CA_BUNDLE' environment variable is used, or if neither of these variables is set, the certificates in the Mozilla CA Certificate List provided by the 'certifi' Python package are used for verifying the HMC certificate. + + | **required**: False + | **type**: str + + + verify + If True (default), verify the HMC certificate as specified in the ``ca_certs`` parameter. If False, ignore what is specified in the ``ca_certs`` parameter and do not verify the HMC certificate. + + | **required**: False + | **type**: bool + | **default**: True + + cpc_name The name of the CPC that has the partition and is associated with the storage group. diff --git a/docs/source/modules/zhmc_storage_volume.rst b/docs/source/modules/zhmc_storage_volume.rst index fb8bce511..d66b2f7a9 100644 --- a/docs/source/modules/zhmc_storage_volume.rst +++ b/docs/source/modules/zhmc_storage_volume.rst @@ -55,6 +55,21 @@ hmc_auth | **type**: str + ca_certs + Path name of certificate file or certificate directory to be used for verifying the HMC certificate. If null, the path name in the 'REQUESTS_CA_BUNDLE' environment variable or the path name in the 'CURL_CA_BUNDLE' environment variable is used, or if neither of these variables is set, the certificates in the Mozilla CA Certificate List provided by the 'certifi' Python package are used for verifying the HMC certificate. + + | **required**: False + | **type**: str + + + verify + If True (default), verify the HMC certificate as specified in the ``ca_certs`` parameter. If False, ignore what is specified in the ``ca_certs`` parameter and do not verify the HMC certificate. + + | **required**: False + | **type**: bool + | **default**: True + + cpc_name The name of the CPC associated with the storage group containing the target storage volume. diff --git a/docs/source/modules/zhmc_user.rst b/docs/source/modules/zhmc_user.rst index 594d339d6..cce6e5997 100644 --- a/docs/source/modules/zhmc_user.rst +++ b/docs/source/modules/zhmc_user.rst @@ -55,6 +55,21 @@ hmc_auth | **type**: str + ca_certs + Path name of certificate file or certificate directory to be used for verifying the HMC certificate. If null, the path name in the 'REQUESTS_CA_BUNDLE' environment variable or the path name in the 'CURL_CA_BUNDLE' environment variable is used, or if neither of these variables is set, the certificates in the Mozilla CA Certificate List provided by the 'certifi' Python package are used for verifying the HMC certificate. + + | **required**: False + | **type**: str + + + verify + If True (default), verify the HMC certificate as specified in the ``ca_certs`` parameter. If False, ignore what is specified in the ``ca_certs`` parameter and do not verify the HMC certificate. + + | **required**: False + | **type**: bool + | **default**: True + + name The userid of the target user (i.e. the 'name' property of the User object). diff --git a/docs/source/modules/zhmc_virtual_function.rst b/docs/source/modules/zhmc_virtual_function.rst index 4dbd2ed53..dea64aebe 100644 --- a/docs/source/modules/zhmc_virtual_function.rst +++ b/docs/source/modules/zhmc_virtual_function.rst @@ -55,6 +55,21 @@ hmc_auth | **type**: str + ca_certs + Path name of certificate file or certificate directory to be used for verifying the HMC certificate. If null, the path name in the 'REQUESTS_CA_BUNDLE' environment variable or the path name in the 'CURL_CA_BUNDLE' environment variable is used, or if neither of these variables is set, the certificates in the Mozilla CA Certificate List provided by the 'certifi' Python package are used for verifying the HMC certificate. + + | **required**: False + | **type**: str + + + verify + If True (default), verify the HMC certificate as specified in the ``ca_certs`` parameter. If False, ignore what is specified in the ``ca_certs`` parameter and do not verify the HMC certificate. + + | **required**: False + | **type**: bool + | **default**: True + + cpc_name The name of the CPC with the partition containing the virtual function. diff --git a/docs/source/release_notes.rst b/docs/source/release_notes.rst index e51bc77b2..9e748c969 100644 --- a/docs/source/release_notes.rst +++ b/docs/source/release_notes.rst @@ -67,6 +67,9 @@ Released: not yet * Increased minimum version of zhmcclient to 0.29.0 to pick up fixes. +* Added support for verifying HMC certificates by adding module parameters + 'ca_certs' and 'verify' to all modules. (issue #401) + **Cleanup:** * Renamed "Bibliography" page to "Resources" and removed common Ansible links diff --git a/plugins/module_utils/common.py b/plugins/module_utils/common.py index eade4ecc1..977095643 100644 --- a/plugins/module_utils/common.py +++ b/plugins/module_utils/common.py @@ -153,11 +153,14 @@ def get_hmc_auth(hmc_auth): Parameters: hmc_auth (dict): value of the 'hmc_auth' module input parameter, - which is a dictionary with items 'userid' and 'password'. + which is a dictionary with required items 'userid' and 'password' + and optional items 'ca_certs' and 'verify'. Returns: - tuple(userid, password): A tuple with the respective items - of the input dictionary. + tuple(userid, password, ca_certs, verify): A tuple with the respective + items of the input dictionary. Optional items are defaulted: + - ca_certs: Defaults to None. + - verify: Defaults to True. Raises: ParameterError: An item in the input dictionary was missing. @@ -172,7 +175,9 @@ def get_hmc_auth(hmc_auth): except KeyError: raise ParameterError("Required item 'password' is missing in " "dictionary module parameter 'hmc_auth'.") - return userid, password + ca_certs = hmc_auth.get('ca_certs', None) + verify = hmc_auth.get('verify', True) + return userid, password, ca_certs, verify def pull_partition_status(partition): @@ -364,7 +369,7 @@ def wait_for_transition_completion(partition): raise AssertionError() -def get_session(faked_session, host, userid, password): +def get_session(faked_session, host, userid, password, ca_certs, verify): """ Return a session object for the HMC. @@ -372,13 +377,13 @@ def get_session(faked_session, host, userid, password): faked_session (zhmcclient_mock.FakedSession or None): If this object is a `zhmcclient_mock.FakedSession` object, return that object. - Else, return a new `zhmcclient.Session` object from the `host`, - `userid`, and `password` arguments. + Else, return a new `zhmcclient.Session` object from the other arguments. """ if isinstance(faked_session, FakedSession): return faked_session else: - return Session(host, userid, password) + verify_cert = ca_certs if verify else False + return Session(host, userid, password, verify_cert) def to_unicode(value): diff --git a/plugins/modules/zhmc_adapter.py b/plugins/modules/zhmc_adapter.py index beabb3cc6..6b8fa9590 100644 --- a/plugins/modules/zhmc_adapter.py +++ b/plugins/modules/zhmc_adapter.py @@ -67,6 +67,26 @@ - The password for authenticating with the HMC. type: str required: true + ca_certs: + description: + - Path name of certificate file or certificate directory to be used + for verifying the HMC certificate. If null, the path name in the + 'REQUESTS_CA_BUNDLE' environment variable or the path name in the + 'CURL_CA_BUNDLE' environment variable is used, or if neither of + these variables is set, the certificates in the Mozilla CA + Certificate List provided by the 'certifi' Python package are used + for verifying the HMC certificate. + type: str + required: false + default: null + verify: + description: + - If True (default), verify the HMC certificate as specified in the + C(ca_certs) parameter. If False, ignore what is specified in the + C(ca_certs) parameter and do not verify the HMC certificate. + type: bool + required: false + default: true name: description: - The name of the target adapter. In case of renaming an adapter, this is @@ -524,7 +544,7 @@ def ensure_set(params, check_mode): # Note: Defaults specified in argument_spec will be set in params dict host = params['hmc_host'] - userid, password = get_hmc_auth(params['hmc_auth']) + userid, password, ca_certs, verify = get_hmc_auth(params['hmc_auth']) cpc_name = params['cpc_name'] adapter_name = params['name'] adapter_match = params['match'] @@ -533,7 +553,8 @@ def ensure_set(params, check_mode): changed = False try: - session = get_session(_faked_session, host, userid, password) + session = get_session(_faked_session, + host, userid, password, ca_certs, verify) client = zhmcclient.Client(session) cpc = client.cpcs.find(name=cpc_name) adapter = identify_adapter(cpc, adapter_name, adapter_match) @@ -601,7 +622,7 @@ def ensure_present(params, check_mode): # Note: Defaults specified in argument_spec will be set in params dict host = params['hmc_host'] - userid, password = get_hmc_auth(params['hmc_auth']) + userid, password, ca_certs, verify = get_hmc_auth(params['hmc_auth']) cpc_name = params['cpc_name'] adapter_name = params['name'] _faked_session = params.get('_faked_session', None) # No default specified @@ -609,7 +630,8 @@ def ensure_present(params, check_mode): changed = False try: - session = get_session(_faked_session, host, userid, password) + session = get_session(_faked_session, + host, userid, password, ca_certs, verify) client = zhmcclient.Client(session) cpc = client.cpcs.find(name=cpc_name) # The default exception handling is sufficient for the above. @@ -736,7 +758,7 @@ def ensure_absent(params, check_mode): # Note: Defaults specified in argument_spec will be set in params dict host = params['hmc_host'] - userid, password = get_hmc_auth(params['hmc_auth']) + userid, password, ca_certs, verify = get_hmc_auth(params['hmc_auth']) cpc_name = params['cpc_name'] adapter_name = params['name'] _faked_session = params.get('_faked_session', None) # No default specified @@ -745,7 +767,8 @@ def ensure_absent(params, check_mode): result = {} try: - session = get_session(_faked_session, host, userid, password) + session = get_session(_faked_session, + host, userid, password, ca_certs, verify) client = zhmcclient.Client(session) cpc = client.cpcs.find(name=cpc_name) # The default exception handling is sufficient for the above. @@ -776,13 +799,14 @@ def facts(params, check_mode): """ host = params['hmc_host'] - userid, password = get_hmc_auth(params['hmc_auth']) + userid, password, ca_certs, verify = get_hmc_auth(params['hmc_auth']) cpc_name = params['cpc_name'] adapter_name = params['name'] _faked_session = params.get('_faked_session', None) # No default specified try: - session = get_session(_faked_session, host, userid, password) + session = get_session(_faked_session, + host, userid, password, ca_certs, verify) client = zhmcclient.Client(session) cpc = client.cpcs.find(name=cpc_name) adapter = cpc.adapters.find(name=adapter_name) diff --git a/plugins/modules/zhmc_cpc.py b/plugins/modules/zhmc_cpc.py index acde60880..38d77f87a 100644 --- a/plugins/modules/zhmc_cpc.py +++ b/plugins/modules/zhmc_cpc.py @@ -67,6 +67,26 @@ - The password for authenticating with the HMC. type: str required: true + ca_certs: + description: + - Path name of certificate file or certificate directory to be used + for verifying the HMC certificate. If null, the path name in the + 'REQUESTS_CA_BUNDLE' environment variable or the path name in the + 'CURL_CA_BUNDLE' environment variable is used, or if neither of + these variables is set, the certificates in the Mozilla CA + Certificate List provided by the 'certifi' Python package are used + for verifying the HMC certificate. + type: str + required: false + default: null + verify: + description: + - If True (default), verify the HMC certificate as specified in the + C(ca_certs) parameter. If False, ignore what is specified in the + C(ca_certs) parameter and do not verify the HMC certificate. + type: bool + required: false + default: true name: description: - The name of the target CPC. @@ -444,14 +464,15 @@ def ensure_set(params, check_mode): # Note: Defaults specified in argument_spec will be set in params dict host = params['hmc_host'] - userid, password = get_hmc_auth(params['hmc_auth']) + userid, password, ca_certs, verify = get_hmc_auth(params['hmc_auth']) cpc_name = params['name'] _faked_session = params.get('_faked_session', None) # No default specified changed = False try: - session = get_session(_faked_session, host, userid, password) + session = get_session(_faked_session, + host, userid, password, ca_certs, verify) client = zhmcclient.Client(session) cpc = client.cpcs.find(name=cpc_name) # The default exception handling is sufficient for the above. @@ -489,12 +510,13 @@ def facts(params, check_mode): """ host = params['hmc_host'] - userid, password = get_hmc_auth(params['hmc_auth']) + userid, password, ca_certs, verify = get_hmc_auth(params['hmc_auth']) cpc_name = params['name'] _faked_session = params.get('_faked_session', None) # No default specified try: - session = get_session(_faked_session, host, userid, password) + session = get_session(_faked_session, + host, userid, password, ca_certs, verify) client = zhmcclient.Client(session) cpc = client.cpcs.find(name=cpc_name) # The default exception handling is sufficient for the above. diff --git a/plugins/modules/zhmc_crypto_attachment.py b/plugins/modules/zhmc_crypto_attachment.py index a2c2d0c66..ea1f2d2c6 100644 --- a/plugins/modules/zhmc_crypto_attachment.py +++ b/plugins/modules/zhmc_crypto_attachment.py @@ -69,6 +69,26 @@ - The password for authenticating with the HMC. type: str required: true + ca_certs: + description: + - Path name of certificate file or certificate directory to be used + for verifying the HMC certificate. If null, the path name in the + 'REQUESTS_CA_BUNDLE' environment variable or the path name in the + 'CURL_CA_BUNDLE' environment variable is used, or if neither of + these variables is set, the certificates in the Mozilla CA + Certificate List provided by the 'certifi' Python package are used + for verifying the HMC certificate. + type: str + required: false + default: null + verify: + description: + - If True (default), verify the HMC certificate as specified in the + C(ca_certs) parameter. If False, ignore what is specified in the + C(ca_certs) parameter and do not verify the HMC certificate. + type: bool + required: false + default: true cpc_name: description: - The name of the CPC that has the partition and the crypto adapters. @@ -466,7 +486,7 @@ def ensure_attached(params, check_mode): # Note: Defaults specified in argument_spec will be set in params dict host = params['hmc_host'] - userid, password = get_hmc_auth(params['hmc_auth']) + userid, password, ca_certs, verify = get_hmc_auth(params['hmc_auth']) cpc_name = params['cpc_name'] partition_name = params['partition_name'] adapter_count = params['adapter_count'] @@ -496,7 +516,8 @@ def ensure_attached(params, check_mode): result_changes = dict() try: - session = get_session(_faked_session, host, userid, password) + session = get_session(_faked_session, + host, userid, password, ca_certs, verify) client = zhmcclient.Client(session) cpc = client.cpcs.find(name=cpc_name) partition = cpc.partitions.find(name=partition_name) @@ -901,7 +922,7 @@ def ensure_detached(params, check_mode): # Note: Defaults specified in argument_spec will be set in params dict host = params['hmc_host'] - userid, password = get_hmc_auth(params['hmc_auth']) + userid, password, ca_certs, verify = get_hmc_auth(params['hmc_auth']) cpc_name = params['cpc_name'] partition_name = params['partition_name'] _faked_session = params.get('_faked_session', None) # No default specified @@ -911,7 +932,8 @@ def ensure_detached(params, check_mode): result_changes = dict() try: - session = get_session(_faked_session, host, userid, password) + session = get_session(_faked_session, + host, userid, password, ca_certs, verify) client = zhmcclient.Client(session) cpc = client.cpcs.find(name=cpc_name) partition = cpc.partitions.find(name=partition_name) @@ -990,13 +1012,14 @@ def facts(params, check_mode): """ host = params['hmc_host'] - userid, password = get_hmc_auth(params['hmc_auth']) + userid, password, ca_certs, verify = get_hmc_auth(params['hmc_auth']) cpc_name = params['cpc_name'] partition_name = params['partition_name'] _faked_session = params.get('_faked_session', None) # No default specified try: - session = get_session(_faked_session, host, userid, password) + session = get_session(_faked_session, + host, userid, password, ca_certs, verify) client = zhmcclient.Client(session) cpc = client.cpcs.find(name=cpc_name) partition = cpc.partitions.find(name=partition_name) diff --git a/plugins/modules/zhmc_hba.py b/plugins/modules/zhmc_hba.py index 53b336d79..0909073f9 100644 --- a/plugins/modules/zhmc_hba.py +++ b/plugins/modules/zhmc_hba.py @@ -72,6 +72,26 @@ - The password for authenticating with the HMC. type: str required: true + ca_certs: + description: + - Path name of certificate file or certificate directory to be used + for verifying the HMC certificate. If null, the path name in the + 'REQUESTS_CA_BUNDLE' environment variable or the path name in the + 'CURL_CA_BUNDLE' environment variable is used, or if neither of + these variables is set, the certificates in the Mozilla CA + Certificate List provided by the 'certifi' Python package are used + for verifying the HMC certificate. + type: str + required: false + default: null + verify: + description: + - If True (default), verify the HMC certificate as specified in the + C(ca_certs) parameter. If False, ignore what is specified in the + C(ca_certs) parameter and do not verify the HMC certificate. + type: bool + required: false + default: true cpc_name: description: - The name of the CPC with the partition containing the HBA. @@ -408,7 +428,7 @@ def ensure_present(params, check_mode): """ host = params['hmc_host'] - userid, password = get_hmc_auth(params['hmc_auth']) + userid, password, ca_certs, verify = get_hmc_auth(params['hmc_auth']) cpc_name = params['cpc_name'] partition_name = params['partition_name'] hba_name = params['name'] @@ -418,7 +438,8 @@ def ensure_present(params, check_mode): result = {} try: - session = get_session(_faked_session, host, userid, password) + session = get_session(_faked_session, + host, userid, password, ca_certs, verify) client = zhmcclient.Client(session) cpc = client.cpcs.find(name=cpc_name) # The default exception handling is sufficient for the above. @@ -504,7 +525,7 @@ def ensure_absent(params, check_mode): """ host = params['hmc_host'] - userid, password = get_hmc_auth(params['hmc_auth']) + userid, password, ca_certs, verify = get_hmc_auth(params['hmc_auth']) cpc_name = params['cpc_name'] partition_name = params['partition_name'] hba_name = params['name'] @@ -514,7 +535,8 @@ def ensure_absent(params, check_mode): result = {} try: - session = get_session(_faked_session, host, userid, password) + session = get_session(_faked_session, + host, userid, password, ca_certs, verify) client = zhmcclient.Client(session) cpc = client.cpcs.find(name=cpc_name) partition = cpc.partitions.find(name=partition_name) diff --git a/plugins/modules/zhmc_nic.py b/plugins/modules/zhmc_nic.py index 97e70f57a..e489f5787 100644 --- a/plugins/modules/zhmc_nic.py +++ b/plugins/modules/zhmc_nic.py @@ -69,6 +69,26 @@ - The password for authenticating with the HMC. type: str required: true + ca_certs: + description: + - Path name of certificate file or certificate directory to be used + for verifying the HMC certificate. If null, the path name in the + 'REQUESTS_CA_BUNDLE' environment variable or the path name in the + 'CURL_CA_BUNDLE' environment variable is used, or if neither of + these variables is set, the certificates in the Mozilla CA + Certificate List provided by the 'certifi' Python package are used + for verifying the HMC certificate. + type: str + required: false + default: null + verify: + description: + - If True (default), verify the HMC certificate as specified in the + C(ca_certs) parameter. If False, ignore what is specified in the + C(ca_certs) parameter and do not verify the HMC certificate. + type: bool + required: false + default: true cpc_name: description: - The name of the CPC with the partition containing the NIC. @@ -487,7 +507,7 @@ def ensure_present(params, check_mode): """ host = params['hmc_host'] - userid, password = get_hmc_auth(params['hmc_auth']) + userid, password, ca_certs, verify = get_hmc_auth(params['hmc_auth']) cpc_name = params['cpc_name'] partition_name = params['partition_name'] nic_name = params['name'] @@ -497,7 +517,8 @@ def ensure_present(params, check_mode): result = {} try: - session = get_session(_faked_session, host, userid, password) + session = get_session(_faked_session, + host, userid, password, ca_certs, verify) client = zhmcclient.Client(session) cpc = client.cpcs.find(name=cpc_name) # The default exception handling is sufficient for the above. @@ -582,7 +603,7 @@ def ensure_absent(params, check_mode): """ host = params['hmc_host'] - userid, password = get_hmc_auth(params['hmc_auth']) + userid, password, ca_certs, verify = get_hmc_auth(params['hmc_auth']) cpc_name = params['cpc_name'] partition_name = params['partition_name'] nic_name = params['name'] @@ -592,7 +613,8 @@ def ensure_absent(params, check_mode): result = {} try: - session = get_session(_faked_session, host, userid, password) + session = get_session(_faked_session, + host, userid, password, ca_certs, verify) client = zhmcclient.Client(session) cpc = client.cpcs.find(name=cpc_name) partition = cpc.partitions.find(name=partition_name) diff --git a/plugins/modules/zhmc_partition.py b/plugins/modules/zhmc_partition.py index 85ecece19..c7b3a4311 100644 --- a/plugins/modules/zhmc_partition.py +++ b/plugins/modules/zhmc_partition.py @@ -74,6 +74,26 @@ - The password for authenticating with the HMC. type: str required: true + ca_certs: + description: + - Path name of certificate file or certificate directory to be used + for verifying the HMC certificate. If null, the path name in the + 'REQUESTS_CA_BUNDLE' environment variable or the path name in the + 'CURL_CA_BUNDLE' environment variable is used, or if neither of + these variables is set, the certificates in the Mozilla CA + Certificate List provided by the 'certifi' Python package are used + for verifying the HMC certificate. + type: str + required: false + default: null + verify: + description: + - If True (default), verify the HMC certificate as specified in the + C(ca_certs) parameter. If False, ignore what is specified in the + C(ca_certs) parameter and do not verify the HMC certificate. + type: bool + required: false + default: true cpc_name: description: - The name of the CPC with the target partition. @@ -1099,7 +1119,7 @@ def ensure_active(params, check_mode): """ host = params['hmc_host'] - userid, password = get_hmc_auth(params['hmc_auth']) + userid, password, ca_certs, verify = get_hmc_auth(params['hmc_auth']) cpc_name = params['cpc_name'] partition_name = params['name'] expand_storage_groups = params['expand_storage_groups'] @@ -1110,7 +1130,8 @@ def ensure_active(params, check_mode): result = {} try: - session = get_session(_faked_session, host, userid, password) + session = get_session(_faked_session, + host, userid, password, ca_certs, verify) client = zhmcclient.Client(session) cpc = client.cpcs.find(name=cpc_name) # The default exception handling is sufficient for the above. @@ -1203,7 +1224,7 @@ def ensure_stopped(params, check_mode): """ host = params['hmc_host'] - userid, password = get_hmc_auth(params['hmc_auth']) + userid, password, ca_certs, verify = get_hmc_auth(params['hmc_auth']) cpc_name = params['cpc_name'] partition_name = params['name'] expand_storage_groups = params['expand_storage_groups'] @@ -1214,7 +1235,8 @@ def ensure_stopped(params, check_mode): result = {} try: - session = get_session(_faked_session, host, userid, password) + session = get_session(_faked_session, + host, userid, password, ca_certs, verify) client = zhmcclient.Client(session) cpc = client.cpcs.find(name=cpc_name) # The default exception handling is sufficient for the above. @@ -1284,7 +1306,7 @@ def ensure_absent(params, check_mode): """ host = params['hmc_host'] - userid, password = get_hmc_auth(params['hmc_auth']) + userid, password, ca_certs, verify = get_hmc_auth(params['hmc_auth']) cpc_name = params['cpc_name'] partition_name = params['name'] _faked_session = params.get('_faked_session', None) @@ -1293,7 +1315,8 @@ def ensure_absent(params, check_mode): result = {} try: - session = get_session(_faked_session, host, userid, password) + session = get_session(_faked_session, + host, userid, password, ca_certs, verify) client = zhmcclient.Client(session) cpc = client.cpcs.find(name=cpc_name) # The default exception handling is sufficient for the above. @@ -1324,7 +1347,7 @@ def facts(params, check_mode): """ host = params['hmc_host'] - userid, password = get_hmc_auth(params['hmc_auth']) + userid, password, ca_certs, verify = get_hmc_auth(params['hmc_auth']) cpc_name = params['cpc_name'] partition_name = params['name'] expand_storage_groups = params['expand_storage_groups'] @@ -1337,7 +1360,8 @@ def facts(params, check_mode): try: # The default exception handling is sufficient for this code - session = get_session(_faked_session, host, userid, password) + session = get_session(_faked_session, + host, userid, password, ca_certs, verify) client = zhmcclient.Client(session) cpc = client.cpcs.find(name=cpc_name) diff --git a/plugins/modules/zhmc_storage_group.py b/plugins/modules/zhmc_storage_group.py index 83620910a..ab1ba8ddb 100644 --- a/plugins/modules/zhmc_storage_group.py +++ b/plugins/modules/zhmc_storage_group.py @@ -76,6 +76,26 @@ - The password for authenticating with the HMC. type: str required: true + ca_certs: + description: + - Path name of certificate file or certificate directory to be used + for verifying the HMC certificate. If null, the path name in the + 'REQUESTS_CA_BUNDLE' environment variable or the path name in the + 'CURL_CA_BUNDLE' environment variable is used, or if neither of + these variables is set, the certificates in the Mozilla CA + Certificate List provided by the 'certifi' Python package are used + for verifying the HMC certificate. + type: str + required: false + default: null + verify: + description: + - If True (default), verify the HMC certificate as specified in the + C(ca_certs) parameter. If False, ignore what is specified in the + C(ca_certs) parameter and do not verify the HMC certificate. + type: bool + required: false + default: true cpc_name: description: - The name of the CPC associated with the target storage group. @@ -780,7 +800,7 @@ def ensure_present(params, check_mode): """ host = params['hmc_host'] - userid, password = get_hmc_auth(params['hmc_auth']) + userid, password, ca_certs, verify = get_hmc_auth(params['hmc_auth']) cpc_name = params['cpc_name'] storage_group_name = params['name'] expand = params['expand'] @@ -790,7 +810,8 @@ def ensure_present(params, check_mode): result = {} try: - session = get_session(_faked_session, host, userid, password) + session = get_session(_faked_session, + host, userid, password, ca_certs, verify) client = zhmcclient.Client(session) console = client.consoles.console cpc = client.cpcs.find(name=cpc_name) @@ -864,7 +885,7 @@ def ensure_absent(params, check_mode): """ host = params['hmc_host'] - userid, password = get_hmc_auth(params['hmc_auth']) + userid, password, ca_certs, verify = get_hmc_auth(params['hmc_auth']) cpc_name = params['cpc_name'] storage_group_name = params['name'] _faked_session = params.get('_faked_session', None) @@ -873,7 +894,8 @@ def ensure_absent(params, check_mode): result = {} try: - session = get_session(_faked_session, host, userid, password) + session = get_session(_faked_session, + host, userid, password, ca_certs, verify) client = zhmcclient.Client(session) console = client.consoles.console cpc = client.cpcs.find(name=cpc_name) @@ -918,7 +940,7 @@ def facts(params, check_mode): """ host = params['hmc_host'] - userid, password = get_hmc_auth(params['hmc_auth']) + userid, password, ca_certs, verify = get_hmc_auth(params['hmc_auth']) cpc_name = params['cpc_name'] storage_group_name = params['name'] expand = params['expand'] @@ -930,7 +952,8 @@ def facts(params, check_mode): try: # The default exception handling is sufficient for this code - session = get_session(_faked_session, host, userid, password) + session = get_session(_faked_session, + host, userid, password, ca_certs, verify) client = zhmcclient.Client(session) console = client.consoles.console cpc = client.cpcs.find(name=cpc_name) diff --git a/plugins/modules/zhmc_storage_group_attachment.py b/plugins/modules/zhmc_storage_group_attachment.py index f86dfdc10..4010eae51 100644 --- a/plugins/modules/zhmc_storage_group_attachment.py +++ b/plugins/modules/zhmc_storage_group_attachment.py @@ -74,6 +74,26 @@ - The password for authenticating with the HMC. type: str required: true + ca_certs: + description: + - Path name of certificate file or certificate directory to be used + for verifying the HMC certificate. If null, the path name in the + 'REQUESTS_CA_BUNDLE' environment variable or the path name in the + 'CURL_CA_BUNDLE' environment variable is used, or if neither of + these variables is set, the certificates in the Mozilla CA + Certificate List provided by the 'certifi' Python package are used + for verifying the HMC certificate. + type: str + required: false + default: null + verify: + description: + - If True (default), verify the HMC certificate as specified in the + C(ca_certs) parameter. If False, ignore what is specified in the + C(ca_certs) parameter and do not verify the HMC certificate. + type: bool + required: false + default: true cpc_name: description: - The name of the CPC that has the partition and is associated with the @@ -219,7 +239,7 @@ def ensure_attached(params, check_mode): """ host = params['hmc_host'] - userid, password = get_hmc_auth(params['hmc_auth']) + userid, password, ca_certs, verify = get_hmc_auth(params['hmc_auth']) cpc_name = params['cpc_name'] storage_group_name = params['storage_group_name'] partition_name = params['partition_name'] @@ -229,7 +249,8 @@ def ensure_attached(params, check_mode): attached = None try: - session = get_session(_faked_session, host, userid, password) + session = get_session(_faked_session, + host, userid, password, ca_certs, verify) client = zhmcclient.Client(session) console = client.consoles.console cpc = client.cpcs.find(name=cpc_name) @@ -273,7 +294,7 @@ def ensure_detached(params, check_mode): """ host = params['hmc_host'] - userid, password = get_hmc_auth(params['hmc_auth']) + userid, password, ca_certs, verify = get_hmc_auth(params['hmc_auth']) cpc_name = params['cpc_name'] storage_group_name = params['storage_group_name'] partition_name = params['partition_name'] @@ -283,7 +304,8 @@ def ensure_detached(params, check_mode): attached = None try: - session = get_session(_faked_session, host, userid, password) + session = get_session(_faked_session, + host, userid, password, ca_certs, verify) client = zhmcclient.Client(session) console = client.consoles.console cpc = client.cpcs.find(name=cpc_name) @@ -327,7 +349,7 @@ def facts(params, check_mode): """ host = params['hmc_host'] - userid, password = get_hmc_auth(params['hmc_auth']) + userid, password, ca_certs, verify = get_hmc_auth(params['hmc_auth']) cpc_name = params['cpc_name'] storage_group_name = params['storage_group_name'] partition_name = params['partition_name'] @@ -337,7 +359,8 @@ def facts(params, check_mode): attached = None try: - session = get_session(_faked_session, host, userid, password) + session = get_session(_faked_session, + host, userid, password, ca_certs, verify) client = zhmcclient.Client(session) console = client.consoles.console cpc = client.cpcs.find(name=cpc_name) diff --git a/plugins/modules/zhmc_storage_volume.py b/plugins/modules/zhmc_storage_volume.py index 4e6c6bc31..1756787f6 100644 --- a/plugins/modules/zhmc_storage_volume.py +++ b/plugins/modules/zhmc_storage_volume.py @@ -75,6 +75,26 @@ - The password for authenticating with the HMC. type: str required: true + ca_certs: + description: + - Path name of certificate file or certificate directory to be used + for verifying the HMC certificate. If null, the path name in the + 'REQUESTS_CA_BUNDLE' environment variable or the path name in the + 'CURL_CA_BUNDLE' environment variable is used, or if neither of + these variables is set, the certificates in the Mozilla CA + Certificate List provided by the 'certifi' Python package are used + for verifying the HMC certificate. + type: str + required: false + default: null + verify: + description: + - If True (default), verify the HMC certificate as specified in the + C(ca_certs) parameter. If False, ignore what is specified in the + C(ca_certs) parameter and do not verify the HMC certificate. + type: bool + required: false + default: true cpc_name: description: - The name of the CPC associated with the storage group containing the @@ -427,7 +447,7 @@ def ensure_present(params, check_mode): """ host = params['hmc_host'] - userid, password = get_hmc_auth(params['hmc_auth']) + userid, password, ca_certs, verify = get_hmc_auth(params['hmc_auth']) cpc_name = params['cpc_name'] storage_group_name = params['storage_group_name'] storage_volume_name = params['name'] @@ -437,7 +457,8 @@ def ensure_present(params, check_mode): result = {} try: - session = get_session(_faked_session, host, userid, password) + session = get_session(_faked_session, + host, userid, password, ca_certs, verify) client = zhmcclient.Client(session) console = client.consoles.console cpc = client.cpcs.find(name=cpc_name) @@ -526,7 +547,7 @@ def ensure_absent(params, check_mode): """ host = params['hmc_host'] - userid, password = get_hmc_auth(params['hmc_auth']) + userid, password, ca_certs, verify = get_hmc_auth(params['hmc_auth']) cpc_name = params['cpc_name'] storage_group_name = params['storage_group_name'] storage_volume_name = params['name'] @@ -536,7 +557,8 @@ def ensure_absent(params, check_mode): result = {} try: - session = get_session(_faked_session, host, userid, password) + session = get_session(_faked_session, + host, userid, password, ca_certs, verify) client = zhmcclient.Client(session) console = client.consoles.console cpc = client.cpcs.find(name=cpc_name) @@ -580,7 +602,7 @@ def facts(params, check_mode): """ host = params['hmc_host'] - userid, password = get_hmc_auth(params['hmc_auth']) + userid, password, ca_certs, verify = get_hmc_auth(params['hmc_auth']) cpc_name = params['cpc_name'] storage_group_name = params['storage_group_name'] storage_volume_name = params['name'] @@ -590,7 +612,8 @@ def facts(params, check_mode): result = {} try: - session = get_session(_faked_session, host, userid, password) + session = get_session(_faked_session, + host, userid, password, ca_certs, verify) client = zhmcclient.Client(session) console = client.consoles.console cpc = client.cpcs.find(name=cpc_name) diff --git a/plugins/modules/zhmc_user.py b/plugins/modules/zhmc_user.py index 8291153d4..6a6e25e55 100644 --- a/plugins/modules/zhmc_user.py +++ b/plugins/modules/zhmc_user.py @@ -65,6 +65,26 @@ - The password for authenticating with the HMC. type: str required: true + ca_certs: + description: + - Path name of certificate file or certificate directory to be used + for verifying the HMC certificate. If null, the path name in the + 'REQUESTS_CA_BUNDLE' environment variable or the path name in the + 'CURL_CA_BUNDLE' environment variable is used, or if neither of + these variables is set, the certificates in the Mozilla CA + Certificate List provided by the 'certifi' Python package are used + for verifying the HMC certificate. + type: str + required: false + default: null + verify: + description: + - If True (default), verify the HMC certificate as specified in the + C(ca_certs) parameter. If False, ignore what is specified in the + C(ca_certs) parameter and do not verify the HMC certificate. + type: bool + required: false + default: true name: description: - The userid of the target user (i.e. the 'name' property of the User @@ -763,7 +783,7 @@ def ensure_present(params, check_mode): """ host = params['hmc_host'] - userid, password = get_hmc_auth(params['hmc_auth']) + userid, password, ca_certs, verify = get_hmc_auth(params['hmc_auth']) user_name = params['name'] expand = params['expand'] _faked_session = params.get('_faked_session', None) @@ -772,7 +792,8 @@ def ensure_present(params, check_mode): result = {} try: - session = get_session(_faked_session, host, userid, password) + session = get_session(_faked_session, + host, userid, password, ca_certs, verify) client = zhmcclient.Client(session) console = client.consoles.console # The default exception handling is sufficient for the above. @@ -846,7 +867,7 @@ def ensure_absent(params, check_mode): """ host = params['hmc_host'] - userid, password = get_hmc_auth(params['hmc_auth']) + userid, password, ca_certs, verify = get_hmc_auth(params['hmc_auth']) user_name = params['name'] _faked_session = params.get('_faked_session', None) @@ -854,7 +875,8 @@ def ensure_absent(params, check_mode): result = {} try: - session = get_session(_faked_session, host, userid, password) + session = get_session(_faked_session, + host, userid, password, ca_certs, verify) client = zhmcclient.Client(session) console = client.consoles.console # The default exception handling is sufficient for the above. @@ -884,7 +906,7 @@ def facts(params, check_mode): """ host = params['hmc_host'] - userid, password = get_hmc_auth(params['hmc_auth']) + userid, password, ca_certs, verify = get_hmc_auth(params['hmc_auth']) user_name = params['name'] expand = params['expand'] _faked_session = params.get('_faked_session', None) @@ -895,7 +917,8 @@ def facts(params, check_mode): try: # The default exception handling is sufficient for this code - session = get_session(_faked_session, host, userid, password) + session = get_session(_faked_session, + host, userid, password, ca_certs, verify) client = zhmcclient.Client(session) console = client.consoles.console diff --git a/plugins/modules/zhmc_virtual_function.py b/plugins/modules/zhmc_virtual_function.py index 4f5b90cda..119247ca8 100644 --- a/plugins/modules/zhmc_virtual_function.py +++ b/plugins/modules/zhmc_virtual_function.py @@ -69,6 +69,26 @@ - The password for authenticating with the HMC. type: str required: true + ca_certs: + description: + - Path name of certificate file or certificate directory to be used + for verifying the HMC certificate. If null, the path name in the + 'REQUESTS_CA_BUNDLE' environment variable or the path name in the + 'CURL_CA_BUNDLE' environment variable is used, or if neither of + these variables is set, the certificates in the Mozilla CA + Certificate List provided by the 'certifi' Python package are used + for verifying the HMC certificate. + type: str + required: false + default: null + verify: + description: + - If True (default), verify the HMC certificate as specified in the + C(ca_certs) parameter. If False, ignore what is specified in the + C(ca_certs) parameter and do not verify the HMC certificate. + type: bool + required: false + default: true cpc_name: description: - The name of the CPC with the partition containing the virtual function. @@ -385,7 +405,7 @@ def ensure_present(params, check_mode): """ host = params['hmc_host'] - userid, password = get_hmc_auth(params['hmc_auth']) + userid, password, ca_certs, verify = get_hmc_auth(params['hmc_auth']) cpc_name = params['cpc_name'] partition_name = params['partition_name'] vfunction_name = params['name'] @@ -395,7 +415,8 @@ def ensure_present(params, check_mode): result = {} try: - session = get_session(_faked_session, host, userid, password) + session = get_session(_faked_session, + host, userid, password, ca_certs, verify) client = zhmcclient.Client(session) cpc = client.cpcs.find(name=cpc_name) # The default exception handling is sufficient for the above. @@ -480,7 +501,7 @@ def ensure_absent(params, check_mode): """ host = params['hmc_host'] - userid, password = get_hmc_auth(params['hmc_auth']) + userid, password, ca_certs, verify = get_hmc_auth(params['hmc_auth']) cpc_name = params['cpc_name'] partition_name = params['partition_name'] vfunction_name = params['name'] @@ -490,7 +511,8 @@ def ensure_absent(params, check_mode): result = {} try: - session = get_session(_faked_session, host, userid, password) + session = get_session(_faked_session, + host, userid, password, ca_certs, verify) client = zhmcclient.Client(session) cpc = client.cpcs.find(name=cpc_name) partition = cpc.partitions.find(name=partition_name)