Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[PR #8653/80f48cce backport][stable-9] Redfish: Added steps to allow a user to change their password when their account requires a password change #8881

Merged
merged 1 commit into from
Sep 18, 2024
Merged

[PR #8653/80f48cce backport][stable-9] Redfish: Added steps to allow a user to change their password when their account requires a password change #8881

merged 1 commit into from
Sep 18, 2024

Conversation

patchback[bot]
Copy link

@patchback patchback bot commented Sep 18, 2024

This is a backport of PR #8653 as merged into main (80f48cc).

SUMMARY

Modifies the flow for the "UpdateUserPassword" command to inspect discovery response data for indicators if the user's password needs to be changed.

Creating as a draft for now to allow users to test.

Fix #8652

ISSUE TYPE
  • Feature Pull Request
COMPONENT NAME

redfish_utils

ADDITIONAL INFORMATION

Sample playbook (no changes to the playbook itself)

---
- hosts: all
  gather_facts: false
  vars:
    username: root
    password: defaultpassword
    baseuri: 192.168.1.50
    default_uri_timeout: 5
    default_uri_retries: 5
  tasks:
  - name: Update password
    community.general.redfish_command:
      category: Accounts
      command: UpdateUserPassword
      baseuri: "{{ baseuri }}"
      username: "{{ username }}"
      password: "{{ password }}"
      account_username: root
      account_password: MyNewPassword
    retries: "{{ default_uri_retries }}"
    register: redfish_results
  - debug:
      var: redfish_results

Prior to the changes, if "root" is flagged with "password change required", it would result in the following output:

TASK [Update password] *********************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python3"}, "changed": false, "msg": "HTTP Error 403 on GET request to 'https://192.168.1.50/redfish/v1/AccountService', extended message: 'Forbidden'"}

With the change, it handles the 403 response to inspect for the special "PasswordChangeRequired" message. If the user logging into the service is the same account being modified, it'll handle the error and directly PATCH the desired user account with the new password. This clears the "password change required" state on the user.

TASK [Update password] *********************************************************************************************************************************************
changed: [localhost]

TASK [debug] *******************************************************************************************************************************************************
ok: [localhost] => {
    "redfish_results": {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python3"
        },
        "changed": true,
        "failed": false,
        "msg": "Action was successful",
        "return_values": {},
        "session": {}
    }
}

@mraineri @patchback
Redfish: Added steps to allow a user to change their password when th…
f31be2c 
…eir account requires a password change (#8653)

* Redfish: Added steps to allow a user to change their password when their account requires a password change

Signed-off-by: Mike Raineri <[email protected]>

* Bug fix

Signed-off-by: Mike Raineri <[email protected]>

* Bug fix

Signed-off-by: Mike Raineri <[email protected]>

* Bug fixes with return data handling

Signed-off-by: Mike Raineri <[email protected]>

* Added changelog fragment

Signed-off-by: Mike Raineri <[email protected]>

* Update changelogs/fragments/8652-Redfish-Password-Change-Required.yml

Co-authored-by: Felix Fontein <[email protected]>

---------

Signed-off-by: Mike Raineri <[email protected]>
Co-authored-by: Felix Fontein <[email protected]>
(cherry picked from commit 80f48cc)
@patchback patchback bot mentioned this pull request Sep 18, 2024
Merged
@ansibullbot
Copy link
Collaborator

cc @TSKushal @Bhavya06 @jyundt @mraineri @rajeevkallur @renxulei @tomasg2012 @xmadsen
click here for bot help

@ansibullbot ansibullbot added backport feature This issue/PR relates to a feature request module module module_utils module_utils needs_revision This PR fails CI tests or a maintainer has requested a review/revision of the PR new_contributor Help guide this first time contributor plugins plugin (any type) and removed needs_revision This PR fails CI tests or a maintainer has requested a review/revision of the PR labels Sep 18, 2024
@felixfontein felixfontein merged commit e6edf9c into stable-9 Sep 18, 2024
146 checks passed
@felixfontein felixfontein deleted the patchback/backports/stable-9/80f48cceb4587edb6199917b816588bd0e00c06c/pr-8653 branch September 18, 2024 15:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
backport feature This issue/PR relates to a feature request module_utils module_utils module module new_contributor Help guide this first time contributor plugins plugin (any type)
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ansibullbot @felixfontein @mraineri