[PR #5903/ea5cbe25 backport][stable-6] Redfish: Removed basic auth header when performing a GET on the service root and POST to the session collection

[patchback]

This is a backport of PR #5903 as merged into main (ea5cbe2).

SUMMARY

Redfish services do not expect authorization headers when performing a POST to the session collection. The expectation is credentials are in the request body. While the specification is silent on how services behave when authorization headers are present in this request, the guidance for clients is to not provide the header.

The change here removes the authorization header on two conditions:

• When performing a GET on the service root (/redfish/v1/): this is an unauthenticated resource and is used for discovery prior to logging into the system.
• When performing a POST on the session collection (/redfish/v1/SessionService/Sessions).

Fix #5886

ISSUE TYPE

• Bugfix Pull Request

COMPONENT NAME

redfish_utils

ADDITIONAL INFORMATION

On some systems, using the Redfish command "CreateSessions" will result in an error (as shown in #5886).

Before:

fatal: [localhost]: FAILED! => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python3"}, "changed": false, "msg": "HTTP Error 415 on POST request to 'https://<REDACTED>/redfish/v1/SessionService/Sessions', extended message: 'A general error has occurred. See Resolution for information on how to resolve the error.'"}

After:

ok: [localhost] => {
    "redfish_results": {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python3"
        },
        "changed": true,
        "failed": false,
        "msg": "Action was successful",
        "return_values": {},
        "session": {
            "token": "66de70083fccd78fcbd200d9341473b7",
            "uri": "/redfish/v1/SessionService/Sessions/70"
        }
    }
}

[ansibullbot]

cc @Bhavya06 @mraineri @rajeevkallur @renxulei @tomasg2012 @xmadsen
click here for bot help