diff --git a/docs/docsite/rst/guide_ownca.rst b/docs/docsite/rst/guide_ownca.rst index 3b862093..0e8a46da 100644 --- a/docs/docsite/rst/guide_ownca.rst +++ b/docs/docsite/rst/guide_ownca.rst @@ -34,7 +34,7 @@ The following instructions show how to set up a simple self-signed CA certificat use_common_name_for_san: false # since we do not specify SANs, don't use CN as a SAN basic_constraints: - 'CA:TRUE' - basic_constraints_critical: yes + basic_constraints_critical: true key_usage: - keyCertSign key_usage_critical: true diff --git a/plugins/doc_fragments/acme.py b/plugins/doc_fragments/acme.py index 73c04e28..a50cedd6 100644 --- a/plugins/doc_fragments/acme.py +++ b/plugins/doc_fragments/acme.py @@ -114,10 +114,10 @@ options: validate_certs: description: - Whether calls to the ACME directory will validate TLS certificates. - - "B(Warning:) Should B(only ever) be set to C(no) for testing purposes, + - "B(Warning:) Should B(only ever) be set to C(false) for testing purposes, for example when testing against a local Pebble server." type: bool - default: yes + default: true select_crypto_backend: description: - Determines which crypto backend to use. diff --git a/plugins/doc_fragments/module_certificate.py b/plugins/doc_fragments/module_certificate.py index 9da95e48..e277edfa 100644 --- a/plugins/doc_fragments/module_certificate.py +++ b/plugins/doc_fragments/module_certificate.py @@ -23,7 +23,7 @@ options: description: - Generate the certificate, even if it already exists. type: bool - default: no + default: false csr_path: description: @@ -110,9 +110,9 @@ options: - Include the intermediate certificate to the generated certificate - This is only used by the C(acme) provider. - Note that this is only available for older versions of C(acme-tiny). - New versions include the chain automatically, and setting I(acme_chain) to C(yes) results in an error. + New versions include the chain automatically, and setting I(acme_chain) to C(true) results in an error. type: bool - default: no + default: false acme_directory: description: @@ -314,7 +314,7 @@ options: - This is only used by the C(ownca) provider. - Note that this is only supported if the C(cryptography) backend is used! type: bool - default: yes + default: true ''' BACKEND_SELFSIGNED_DOCUMENTATION = r''' diff --git a/plugins/doc_fragments/module_csr.py b/plugins/doc_fragments/module_csr.py index 7fb5798d..81c4318a 100644 --- a/plugins/doc_fragments/module_csr.py +++ b/plugins/doc_fragments/module_csr.py @@ -122,10 +122,10 @@ options: aliases: [ subjectAltName_critical ] use_common_name_for_san: description: - - If set to C(yes), the module will fill the common name in for + - If set to C(true), the module will fill the common name in for C(subject_alt_name) with C(DNS:) prefix if no SAN is specified. type: bool - default: yes + default: true aliases: [ useCommonNameForSAN ] key_usage: description: @@ -219,7 +219,7 @@ options: certificates or for own CAs." - Note that this is only supported if the C(cryptography) backend is used! type: bool - default: no + default: false subject_key_identifier: description: - The subject key identifier as a hex string, where two bytes are separated by colons. @@ -227,7 +227,7 @@ options: - "Please note that commercial CAs ignore this value, respectively use a value of their own choice. Specifying this option is mostly useful for self-signed certificates or for own CAs." - - Note that this option can only be used if I(create_subject_key_identifier) is C(no). + - Note that this option can only be used if I(create_subject_key_identifier) is C(false). - Note that this is only supported if the C(cryptography) backend is used! type: str authority_key_identifier: diff --git a/plugins/doc_fragments/module_privatekey.py b/plugins/doc_fragments/module_privatekey.py index 8c72f226..a27b26c7 100644 --- a/plugins/doc_fragments/module_privatekey.py +++ b/plugins/doc_fragments/module_privatekey.py @@ -129,7 +129,7 @@ options: is protected by an unknown passphrase, or when they key is not protected by a passphrase, but a passphrase is specified. Make sure you have a B(backup) when using this option! - If set to C(always), the module will always regenerate the key. This is equivalent to - setting I(force) to C(yes). + setting I(force) to C(true). - Note that if I(format_mismatch) is set to C(convert) and everything matches except the format, the key will always be converted, except if I(regenerate) is set to C(always). type: str diff --git a/plugins/module_utils/crypto/module_backends/privatekey.py b/plugins/module_utils/crypto/module_backends/privatekey.py index ec69ef4c..dc13107b 100644 --- a/plugins/module_utils/crypto/module_backends/privatekey.py +++ b/plugins/module_utils/crypto/module_backends/privatekey.py @@ -175,7 +175,7 @@ class PrivateKeyBackend: return True self.module.fail_json(msg='Unable to read the key. The key is protected with a another passphrase / no passphrase or broken.' ' Will not proceed. To force regeneration, call the module with `generate`' - ' set to `full_idempotence` or `always`, or with `force=yes`.') + ' set to `full_idempotence` or `always`, or with `force=true`.') self._ensure_existing_private_key_loaded() if self.regenerate != 'never': if not self._check_size_and_type(): @@ -183,7 +183,7 @@ class PrivateKeyBackend: return True self.module.fail_json(msg='Key has wrong type and/or size.' ' Will not proceed. To force regeneration, call the module with `generate`' - ' set to `partial_idempotence`, `full_idempotence` or `always`, or with `force=yes`.') + ' set to `partial_idempotence`, `full_idempotence` or `always`, or with `force=true`.') # During generation step, regenerate if format does not match and format_mismatch == 'regenerate' if self.format_mismatch == 'regenerate' and self.regenerate != 'never': if not self._check_format(): @@ -191,7 +191,7 @@ class PrivateKeyBackend: return True self.module.fail_json(msg='Key has wrong format.' ' Will not proceed. To force regeneration, call the module with `generate`' - ' set to `partial_idempotence`, `full_idempotence` or `always`, or with `force=yes`.' + ' set to `partial_idempotence`, `full_idempotence` or `always`, or with `force=true`.' ' To convert the key, set `format_mismatch` to `convert`.') return False diff --git a/plugins/module_utils/openssh/backends/keypair_backend.py b/plugins/module_utils/openssh/backends/keypair_backend.py index fff11c08..f20910f3 100644 --- a/plugins/module_utils/openssh/backends/keypair_backend.py +++ b/plugins/module_utils/openssh/backends/keypair_backend.py @@ -152,7 +152,7 @@ class KeypairBackend(OpensshModule): self.module.fail_json( msg="Unable to read the key. The key is protected with a passphrase or broken. " + "Will not proceed. To force regeneration, call the module with `generate` " + - "set to `full_idempotence` or `always`, or with `force=yes`." + "set to `full_idempotence` or `always`, or with `force=true`." ) @abc.abstractmethod @@ -167,7 +167,7 @@ class KeypairBackend(OpensshModule): self.module.fail_json( msg="Key has wrong type and/or size. Will not proceed. " + "To force regeneration, call the module with `generate` set to " + - "`partial_idempotence`, `full_idempotence` or `always`, or with `force=yes`." + "`partial_idempotence`, `full_idempotence` or `always`, or with `force=true`." ) return self.original_private_key is None elif self.regenerate in ('partial_idempotence', 'full_idempotence'): diff --git a/plugins/modules/acme_account.py b/plugins/modules/acme_account.py index 5d24fcf6..2a3bb1bb 100644 --- a/plugins/modules/acme_account.py +++ b/plugins/modules/acme_account.py @@ -57,7 +57,7 @@ options: description: - "Whether account creation is allowed (when state is C(present))." type: bool - default: yes + default: true contact: description: - "A list of contact URLs." @@ -74,7 +74,7 @@ options: - "Boolean indicating whether you agree to the terms of service document." - "ACME servers can require this to be true." type: bool - default: no + default: false new_account_key_src: description: - "Path to a file containing the ACME account RSA or Elliptic Curve key to change to." @@ -129,7 +129,7 @@ EXAMPLES = ''' community.crypto.acme_account: account_key_src: /etc/pki/cert/private/account.key state: present - terms_agreed: yes + terms_agreed: true contact: - mailto:me@example.com - mailto:myself@example.org @@ -138,7 +138,7 @@ EXAMPLES = ''' community.crypto.acme_account: account_key_src: /etc/pki/cert/private/account.key state: present - allow_creation: no + allow_creation: false contact: - mailto:me@example.com diff --git a/plugins/modules/acme_certificate.py b/plugins/modules/acme_certificate.py index 60f113f1..cbe06bdc 100644 --- a/plugins/modules/acme_certificate.py +++ b/plugins/modules/acme_certificate.py @@ -85,7 +85,7 @@ options: description: - "The email address associated with this account." - "It will be used for certificate expiration warnings." - - "Note that when C(modify_account) is not set to C(no) and you also + - "Note that when C(modify_account) is not set to C(false) and you also used the M(community.crypto.acme_account) module to specify more than one contact for your account, this module will update your account and restrict it to the (at most one) contact email address specified here." @@ -103,17 +103,17 @@ options: - "ACME servers can require this to be true." - This option will only be used when C(acme_version) is not 1. type: bool - default: no + default: false modify_account: description: - "Boolean indicating whether the module should create the account if necessary, and update its contact data." - - "Set to C(no) if you want to use the M(community.crypto.acme_account) module to manage + - "Set to C(false) if you want to use the M(community.crypto.acme_account) module to manage your account instead, and to avoid accidental creation of a new account using an old key if you changed the account key with M(community.crypto.acme_account)." - - "If set to C(no), C(terms_agreed) and C(account_email) are ignored." + - "If set to C(false), C(terms_agreed) and C(account_email) are ignored." type: bool - default: yes + default: true challenge: description: The challenge to be performed. type: str @@ -200,7 +200,7 @@ options: without having to re-authenticate the domain. This can be a security concern." type: bool - default: no + default: false force: description: - Enforces the execution of the challenge and validation, even if an @@ -208,15 +208,15 @@ options: - This is especially helpful when having an updated CSR, for example with additional domains for which a new certificate is desired. type: bool - default: no + default: false retrieve_all_alternates: description: - - "When set to C(yes), will retrieve all alternate trust chains offered by the ACME CA. + - "When set to C(true), will retrieve all alternate trust chains offered by the ACME CA. These will not be written to disk, but will be returned together with the main chain as C(all_chains). See the documentation for the C(all_chains) return value for details." type: bool - default: no + default: false select_chain: description: - "Allows to specify criteria by which an (alternate) trust chain can be selected." @@ -351,7 +351,7 @@ EXAMPLES = r''' # type: TXT # ttl: 60 # state: present -# wait: yes +# wait: true # # Note: route53 requires TXT entries to be enclosed in quotes # value: "{{ sample_com_challenge.challenge_data['sample.com']['dns-01'].resource_value | regex_replace('^(.*)$', '\"\\1\"') }}" # when: sample_com_challenge is changed and 'sample.com' in sample_com_challenge.challenge_data @@ -364,7 +364,7 @@ EXAMPLES = r''' # type: TXT # ttl: 60 # state: present -# wait: yes +# wait: true # # Note: item.value is a list of TXT entries, and route53 # # requires every entry to be enclosed in quotes # value: "{{ item.value | map('regex_replace', '^(.*)$', '\"\\1\"' ) | list }}" @@ -496,11 +496,11 @@ account_uri: type: str all_chains: description: - - When I(retrieve_all_alternates) is set to C(yes), the module will query the ACME server + - When I(retrieve_all_alternates) is set to C(true), the module will query the ACME server for alternate chains. This return value will contain a list of all chains returned, the first entry being the main chain returned by the server. - See L(Section 7.4.2 of RFC8555,https://tools.ietf.org/html/rfc8555#section-7.4.2) for details. - returned: when certificate was retrieved and I(retrieve_all_alternates) is set to C(yes) + returned: when certificate was retrieved and I(retrieve_all_alternates) is set to C(true) type: list elements: dict contains: diff --git a/plugins/modules/acme_certificate_revoke.py b/plugins/modules/acme_certificate_revoke.py index f9106585..957262c4 100644 --- a/plugins/modules/acme_certificate_revoke.py +++ b/plugins/modules/acme_certificate_revoke.py @@ -45,7 +45,7 @@ options: description: - "Path to the certificate to revoke." type: path - required: yes + required: true account_key_src: description: - "Path to a file containing the ACME account RSA or Elliptic Curve diff --git a/plugins/modules/acme_challenge_cert_helper.py b/plugins/modules/acme_challenge_cert_helper.py index d0745372..5777c04a 100644 --- a/plugins/modules/acme_challenge_cert_helper.py +++ b/plugins/modules/acme_challenge_cert_helper.py @@ -33,7 +33,7 @@ options: description: - "The challenge type." type: str - required: yes + required: true choices: - tls-alpn-01 challenge_data: @@ -41,7 +41,7 @@ options: - "The C(challenge_data) entry provided by M(community.crypto.acme_certificate) for the challenge." type: dict - required: yes + required: true private_key_src: description: - "Path to a file containing the private key file to use for this challenge diff --git a/plugins/modules/acme_inspect.py b/plugins/modules/acme_inspect.py index c8a7a0af..6ee1f980 100644 --- a/plugins/modules/acme_inspect.py +++ b/plugins/modules/acme_inspect.py @@ -76,7 +76,7 @@ options: - "If I(method) is C(post) or C(get), make the module fail in case an ACME error is returned." type: bool - default: yes + default: true ''' EXAMPLES = r''' diff --git a/plugins/modules/certificate_complete_chain.py b/plugins/modules/certificate_complete_chain.py index 3f974400..b69fc14e 100644 --- a/plugins/modules/certificate_complete_chain.py +++ b/plugins/modules/certificate_complete_chain.py @@ -32,7 +32,7 @@ options: - A concatenated set of certificates in PEM format forming a chain. - The module will try to complete this chain. type: str - required: yes + required: true root_certificates: description: - "A list of filenames or directories." @@ -45,7 +45,7 @@ options: - "Symbolic links will be followed." type: list elements: path - required: yes + required: true intermediate_certificates: description: - "A list of filenames or directories." diff --git a/plugins/modules/luks_device.py b/plugins/modules/luks_device.py index b2f7ea37..78ee105b 100644 --- a/plugins/modules/luks_device.py +++ b/plugins/modules/luks_device.py @@ -109,7 +109,7 @@ options: community.crypto 1.4.0. For older versions, trying to remove a key which no longer exists results in an error." - "NOTE that to remove the last key from a LUKS container, the - I(force_remove_last_key) option must be set to C(yes)." + I(force_remove_last_key) option must be set to C(true)." - "BEWARE that working with keyfiles in plaintext is dangerous. Make sure that they are protected." type: path @@ -122,16 +122,16 @@ options: a passphrase which no longer exists results in an error." - "NOTE that to remove the last keyslot from a LUKS container, the I(force_remove_last_key) option must be set - to C(yes)." + to C(true)." type: str version_added: '1.0.0' force_remove_last_key: description: - - "If set to C(yes), allows removing the last key from a container." + - "If set to C(true), allows removing the last key from a container." - "BEWARE that when the last key has been removed from a container, the container can no longer be opened!" type: bool - default: no + default: false label: description: - "This option allow the user to create a LUKS2 format container @@ -665,7 +665,7 @@ class CryptHandler(Handler): if keyslot_count < 2: self._module.fail_json(msg="LUKS device %s has less than two active keyslots. " "To be able to remove a key, please set " - "`force_remove_last_key` to `yes`." % device) + "`force_remove_last_key` to `true`." % device) args = [self._cryptsetup_bin, 'luksRemoveKey', device, '-q'] if keyfile: diff --git a/plugins/modules/openssh_keypair.py b/plugins/modules/openssh_keypair.py index 5070780d..10ed6dbe 100644 --- a/plugins/modules/openssh_keypair.py +++ b/plugins/modules/openssh_keypair.py @@ -107,7 +107,7 @@ options: is protected by an unknown passphrase, or when they key is not protected by a passphrase, but a passphrase is specified. Make sure you have a B(backup) when using this option! - If set to C(always), the module will always regenerate the key. This is equivalent to - setting I(force) to C(yes). + setting I(force) to C(true). - Note that adjusting the comment and the permissions can be changed without regeneration. Therefore, even for C(never), the task can result in changed. type: str @@ -121,7 +121,7 @@ options: version_added: '1.0.0' notes: - In case the ssh key is broken or password protected, the module will fail. - Set the I(force) option to C(yes) if you want to regenerate the keypair. + Set the I(force) option to C(true) if you want to regenerate the keypair. - Supports C(check_mode). - In the case a custom C(mode), C(group), C(owner), or other file attribute is provided it will be applied to both key files. diff --git a/plugins/modules/openssl_csr.py b/plugins/modules/openssl_csr.py index e1467536..d416ee1f 100644 --- a/plugins/modules/openssl_csr.py +++ b/plugins/modules/openssl_csr.py @@ -32,7 +32,7 @@ options: description: - Should the certificate signing request be forced regenerated by this ansible module. type: bool - default: no + default: false path: description: - The name of the file into which the generated OpenSSL certificate signing request will be written. @@ -43,12 +43,12 @@ options: - Create a backup file including a timestamp so you can get the original CSR back if you overwrote it with a new one by accident. type: bool - default: no + default: false return_content: description: - - If set to C(yes), will return the (current or generated) CSR's content as I(csr). + - If set to C(true), will return the (current or generated) CSR's content as I(csr). type: bool - default: no + default: false version_added: "1.0.0" privatekey_content: version_added: "1.0.0" @@ -114,7 +114,7 @@ EXAMPLES = r''' community.crypto.openssl_csr: path: /etc/ssl/csr/www.ansible.com.csr privatekey_path: /etc/ssl/private/ansible.com.pem - force: yes + force: true common_name: www.ansible.com - name: Generate an OpenSSL Certificate Signing Request with special key usages @@ -133,7 +133,7 @@ EXAMPLES = r''' path: /etc/ssl/csr/www.ansible.com.csr privatekey_path: /etc/ssl/private/ansible.com.pem common_name: www.ansible.com - ocsp_must_staple: yes + ocsp_must_staple: true - name: Generate an OpenSSL Certificate Signing Request for WinRM Certificate authentication community.crypto.openssl_csr: @@ -225,12 +225,12 @@ name_constraints_excluded: version_added: 1.1.0 backup_file: description: Name of backup file created. - returned: changed and if I(backup) is C(yes) + returned: changed and if I(backup) is C(true) type: str sample: /path/to/www.ansible.com.csr.2019-03-09@11:22~ csr: description: The (current or generated) CSR's content. - returned: if I(state) is C(present) and I(return_content) is C(yes) + returned: if I(state) is C(present) and I(return_content) is C(true) type: str version_added: "1.0.0" ''' diff --git a/plugins/modules/openssl_csr_info.py b/plugins/modules/openssl_csr_info.py index 4e1d962e..05277ac9 100644 --- a/plugins/modules/openssl_csr_info.py +++ b/plugins/modules/openssl_csr_info.py @@ -74,7 +74,7 @@ RETURN = r''' signature_valid: description: - Whether the CSR's signature is valid. - - In case the check returns C(no), the module will fail. + - In case the check returns C(false), the module will fail. returned: success type: bool basic_constraints: @@ -140,7 +140,7 @@ subject_alt_name_critical: returned: success type: bool ocsp_must_staple: - description: C(yes) if the OCSP Must Staple extension is present, C(none) otherwise. + description: C(true) if the OCSP Must Staple extension is present, C(none) otherwise. returned: success type: bool ocsp_must_staple_critical: diff --git a/plugins/modules/openssl_dhparam.py b/plugins/modules/openssl_dhparam.py index 637bdd1f..05379e8e 100644 --- a/plugins/modules/openssl_dhparam.py +++ b/plugins/modules/openssl_dhparam.py @@ -44,7 +44,7 @@ options: description: - Should the parameters be regenerated even it it already exists. type: bool - default: no + default: false path: description: - Name of the file in which the generated parameters will be saved. @@ -55,7 +55,7 @@ options: - Create a backup file including a timestamp so you can get the original DH params back if you overwrote them with new ones by accident. type: bool - default: no + default: false select_crypto_backend: description: - Determines which crypto backend to use. @@ -68,9 +68,9 @@ options: version_added: "1.0.0" return_content: description: - - If set to C(yes), will return the (current or generated) DH parameter's content as I(dhparams). + - If set to C(true), will return the (current or generated) DH parameter's content as I(dhparams). type: bool - default: no + default: false version_added: "1.0.0" notes: - Supports C(check_mode). @@ -97,7 +97,7 @@ EXAMPLES = r''' - name: Force regenerate an DH parameters if they already exist community.crypto.openssl_dhparam: path: /etc/ssl/dhparams.pem - force: yes + force: true ''' RETURN = r''' @@ -113,12 +113,12 @@ filename: sample: /etc/ssl/dhparams.pem backup_file: description: Name of backup file created. - returned: changed and if I(backup) is C(yes) + returned: changed and if I(backup) is C(true) type: str sample: /path/to/dhparams.pem.2019-03-09@11:22~ dhparams: description: The (current or generated) DH params' content. - returned: if I(state) is C(present) and I(return_content) is C(yes) + returned: if I(state) is C(present) and I(return_content) is C(true) type: str version_added: "1.0.0" ''' diff --git a/plugins/modules/openssl_pkcs12.py b/plugins/modules/openssl_pkcs12.py index fdefe190..4a7ddbca 100644 --- a/plugins/modules/openssl_pkcs12.py +++ b/plugins/modules/openssl_pkcs12.py @@ -56,7 +56,7 @@ options: description: - Should the file be regenerated even if it already exists. type: bool - default: no + default: false friendly_name: description: - Specifies the friendly name for the certificate and private key. @@ -117,12 +117,12 @@ options: - Create a backup file including a timestamp so you can get the original output file back if you overwrote it with a new one by accident. type: bool - default: no + default: false return_content: description: - - If set to C(yes), will return the (current or generated) PKCS#12's content as I(pkcs12). + - If set to C(true), will return the (current or generated) PKCS#12's content as I(pkcs12). type: bool - default: no + default: false version_added: "1.0.0" select_crypto_backend: description: @@ -203,7 +203,7 @@ EXAMPLES = r''' other_certificates: /opt/certs/ca.pem state: present mode: '0600' - force: yes + force: true - name: Dump/Parse PKCS#12 file community.crypto.openssl_pkcs12: @@ -231,12 +231,12 @@ privatekey: sample: /etc/ssl/private/ansible.com.pem backup_file: description: Name of backup file created. - returned: changed and if I(backup) is C(yes) + returned: changed and if I(backup) is C(true) type: str sample: /path/to/ansible.com.pem.2019-03-09@11:22~ pkcs12: description: The (current or generated) PKCS#12's content Base64 encoded. - returned: if I(state) is C(present) and I(return_content) is C(yes) + returned: if I(state) is C(present) and I(return_content) is C(true) type: str version_added: "1.0.0" ''' diff --git a/plugins/modules/openssl_privatekey.py b/plugins/modules/openssl_privatekey.py index 3d6ae63f..a373241c 100644 --- a/plugins/modules/openssl_privatekey.py +++ b/plugins/modules/openssl_privatekey.py @@ -30,7 +30,7 @@ options: description: - Should the key be regenerated even if it already exists. type: bool - default: no + default: false path: description: - Name of the file in which the generated TLS/SSL private key will be written. It will have C(0600) mode @@ -46,16 +46,16 @@ options: - Create a backup file including a timestamp so you can get the original private key back if you overwrote it with a new one by accident. type: bool - default: no + default: false return_content: description: - - If set to C(yes), will return the (current or generated) private key's content as I(privatekey). + - If set to C(true), will return the (current or generated) private key's content as I(privatekey). - Note that especially if the private key is not encrypted, you have to make sure that the returned value is treated appropriately and not accidentally written to logs etc.! Use with care! - Use Ansible's I(no_log) task option to avoid the output being shown. See also U(https://docs.ansible.com/ansible/latest/reference_appendices/faq.html#how-do-i-keep-secret-data-in-my-playbook). type: bool - default: no + default: false version_added: '1.0.0' regenerate: version_added: '1.0.0' @@ -86,7 +86,7 @@ EXAMPLES = r''' - name: Force regenerate an OpenSSL private key if it already exists community.crypto.openssl_privatekey: path: /etc/ssl/private/ansible.com.pem - force: yes + force: true - name: Generate an OpenSSL private key with a different algorithm (DSA) community.crypto.openssl_privatekey: @@ -129,14 +129,14 @@ fingerprint: sha512: "fd:ed:5e:39:48:5f:9f:fe:7f:25:06:3f:79:08:cd:ee:a5:e7:b3:3d:13:82:87:1f:84:e1:f5:c7:28:77:53:94:86:56:38:69:f0:d9:35:22:01:1e:a6:60:...:0f:9b" backup_file: description: Name of backup file created. - returned: changed and if I(backup) is C(yes) + returned: changed and if I(backup) is C(true) type: str sample: /path/to/privatekey.pem.2019-03-09@11:22~ privatekey: description: - The (current or generated) private key's content. - Will be Base64-encoded if the key is in raw format. - returned: if I(state) is C(present) and I(return_content) is C(yes) + returned: if I(state) is C(present) and I(return_content) is C(true) type: str version_added: '1.0.0' ''' diff --git a/plugins/modules/openssl_privatekey_convert.py b/plugins/modules/openssl_privatekey_convert.py index 468be525..9a9044c3 100644 --- a/plugins/modules/openssl_privatekey_convert.py +++ b/plugins/modules/openssl_privatekey_convert.py @@ -50,7 +50,7 @@ EXAMPLES = r''' RETURN = r''' backup_file: description: Name of backup file created. - returned: changed and if I(backup) is C(yes) + returned: changed and if I(backup) is C(true) type: str sample: /path/to/privatekey.pem.2019-03-09@11:22~ ''' diff --git a/plugins/modules/openssl_privatekey_info.py b/plugins/modules/openssl_privatekey_info.py index debfc482..ff47fc2c 100644 --- a/plugins/modules/openssl_privatekey_info.py +++ b/plugins/modules/openssl_privatekey_info.py @@ -44,11 +44,11 @@ options: return_private_key_data: description: - Whether to return private key data. - - Only set this to C(yes) when you want private information about this key to + - Only set this to C(true) when you want private information about this key to leave the remote machine. - "B(WARNING:) you have to make sure that private key data is not accidentally logged!" type: bool - default: no + default: false check_consistency: description: - Whether to check consistency of the private key. @@ -104,9 +104,9 @@ can_parse_key: type: bool key_is_consistent: description: - - Whether the key is consistent. Can also return C(none) next to C(yes) and - C(no), to indicate that consistency could not be checked. - - In case the check returns C(no), the module will fail. + - Whether the key is consistent. Can also return C(none) next to C(true) and + C(false), to indicate that consistency could not be checked. + - In case the check returns C(false), the module will fail. returned: when I(check_consistency=true) type: bool public_key: @@ -194,7 +194,7 @@ public_data: private_data: description: - Private key data. Depends on key type. - returned: success and when I(return_private_key_data) is set to C(yes) + returned: success and when I(return_private_key_data) is set to C(true) type: dict ''' diff --git a/plugins/modules/openssl_publickey.py b/plugins/modules/openssl_publickey.py index f01ff242..f313acd5 100644 --- a/plugins/modules/openssl_publickey.py +++ b/plugins/modules/openssl_publickey.py @@ -34,7 +34,7 @@ options: description: - Should the key be regenerated even it it already exists. type: bool - default: no + default: false format: description: - The format of the public key. @@ -68,7 +68,7 @@ options: - Create a backup file including a timestamp so you can get the original public key back if you overwrote it with a different one by accident. type: bool - default: no + default: false select_crypto_backend: description: - Determines which crypto backend to use. @@ -79,9 +79,9 @@ options: choices: [ auto, cryptography ] return_content: description: - - If set to C(yes), will return the (current or generated) public key's content as I(publickey). + - If set to C(true), will return the (current or generated) public key's content as I(publickey). type: bool - default: no + default: false version_added: '1.0.0' extends_documentation_fragment: - files @@ -123,7 +123,7 @@ EXAMPLES = r''' community.crypto.openssl_publickey: path: /etc/ssl/public/ansible.com.pem privatekey_path: /etc/ssl/private/ansible.com.pem - force: yes + force: true - name: Remove an OpenSSL public key community.crypto.openssl_publickey: @@ -163,12 +163,12 @@ fingerprint: sha512: "fd:ed:5e:39:48:5f:9f:fe:7f:25:06:3f:79:08:cd:ee:a5:e7:b3:3d:13:82:87:1f:84:e1:f5:c7:28:77:53:94:86:56:38:69:f0:d9:35:22:01:1e:a6:60:...:0f:9b" backup_file: description: Name of backup file created. - returned: changed and if I(backup) is C(yes) + returned: changed and if I(backup) is C(true) type: str sample: /path/to/publickey.pem.2019-03-09@11:22~ publickey: description: The (current or generated) public key's content. - returned: if I(state) is C(present) and I(return_content) is C(yes) + returned: if I(state) is C(present) and I(return_content) is C(true) type: str version_added: '1.0.0' ''' diff --git a/plugins/modules/x509_certificate.py b/plugins/modules/x509_certificate.py index 44db000e..e16d8e65 100644 --- a/plugins/modules/x509_certificate.py +++ b/plugins/modules/x509_certificate.py @@ -59,9 +59,9 @@ options: return_content: description: - - If set to C(yes), will return the (current or generated) certificate's content as I(certificate). + - If set to C(true), will return the (current or generated) certificate's content as I(certificate). type: bool - default: no + default: false version_added: '1.0.0' backup: @@ -69,7 +69,7 @@ options: - Create a backup file including a timestamp so you can get the original certificate back if you overwrote it with a new one by accident. type: bool - default: no + default: false csr_content: version_added: '1.0.0' @@ -128,7 +128,7 @@ EXAMPLES = r''' provider: acme acme_accountkey_path: /etc/ssl/private/ansible.com.pem acme_challenge_path: /etc/ssl/challenges/ansible.com/ - force: yes + force: true - name: Generate an Entrust certificate via the Entrust Certificate Services (ECS) API community.crypto.x509_certificate: @@ -216,12 +216,12 @@ filename: sample: /etc/ssl/crt/www.ansible.com.crt backup_file: description: Name of backup file created. - returned: changed and if I(backup) is C(yes) + returned: changed and if I(backup) is C(true) type: str sample: /path/to/www.ansible.com.crt.2019-03-09@11:22~ certificate: description: The (current or generated) certificate's content. - returned: if I(state) is C(present) and I(return_content) is C(yes) + returned: if I(state) is C(present) and I(return_content) is C(true) type: str version_added: '1.0.0' ''' diff --git a/plugins/modules/x509_certificate_info.py b/plugins/modules/x509_certificate_info.py index 34883987..6a3678f0 100644 --- a/plugins/modules/x509_certificate_info.py +++ b/plugins/modules/x509_certificate_info.py @@ -184,7 +184,7 @@ subject_alt_name_critical: returned: success type: bool ocsp_must_staple: - description: C(yes) if the OCSP Must Staple extension is present, C(none) otherwise. + description: C(true) if the OCSP Must Staple extension is present, C(none) otherwise. returned: success type: bool ocsp_must_staple_critical: diff --git a/plugins/modules/x509_crl.py b/plugins/modules/x509_crl.py index 24d3124e..694539f9 100644 --- a/plugins/modules/x509_crl.py +++ b/plugins/modules/x509_crl.py @@ -38,7 +38,7 @@ options: - If set to C(update), makes sure that the CRL contains the revoked certificates from I(revoked_certificates), but can also contain other revoked certificates. If the CRL file already exists, all entries from the existing CRL will also be included in the new CRL. - When using C(update), you might be interested in setting I(ignore_timestamps) to C(yes). + When using C(update), you might be interested in setting I(ignore_timestamps) to C(true). type: str default: generate choices: [ generate, update ] @@ -47,20 +47,20 @@ options: description: - Should the CRL be forced to be regenerated. type: bool - default: no + default: false backup: description: - Create a backup file including a timestamp so you can get the original CRL back if you overwrote it with a new one by accident. type: bool - default: no + default: false path: description: - Remote absolute path where the generated CRL file should be created or is already located. type: path - required: yes + required: true format: description: @@ -117,7 +117,7 @@ options: - Valid format is C([+-]timespec | ASN.1 TIME) where timespec can be an integer + C([w | d | h | m | s]) (for example C(+32w1d2h)). - Note that if using relative time this module is NOT idempotent, except when - I(ignore_timestamps) is set to C(yes). + I(ignore_timestamps) is set to C(true). type: str default: "+0s" @@ -130,7 +130,7 @@ options: - Valid format is C([+-]timespec | ASN.1 TIME) where timespec can be an integer + C([w | d | h | m | s]) (for example C(+32w1d2h)). - Note that if using relative time this module is NOT idempotent, except when - I(ignore_timestamps) is set to C(yes). + I(ignore_timestamps) is set to C(true). - Required if I(state) is C(present). type: str @@ -175,7 +175,7 @@ options: - Valid format is C([+-]timespec | ASN.1 TIME) where timespec can be an integer + C([w | d | h | m | s]) (for example C(+32w1d2h)). - Note that if using relative time this module is NOT idempotent, except when - I(ignore_timestamps) is set to C(yes). + I(ignore_timestamps) is set to C(true). type: str default: "+0s" issuer: @@ -188,7 +188,7 @@ options: description: - Whether the certificate issuer extension should be critical. type: bool - default: no + default: false reason: description: - The value for the revocation reason extension. @@ -208,7 +208,7 @@ options: description: - Whether the revocation reason extension should be critical. type: bool - default: no + default: false invalidity_date: description: - The point in time it was known/suspected that the private key was compromised @@ -218,13 +218,13 @@ options: - Valid format is C([+-]timespec | ASN.1 TIME) where timespec can be an integer + C([w | d | h | m | s]) (for example C(+32w1d2h)). - Note that if using relative time this module is NOT idempotent. This will NOT - change when I(ignore_timestamps) is set to C(yes). + change when I(ignore_timestamps) is set to C(true). type: str invalidity_date_critical: description: - Whether the invalidity date extension should be critical. type: bool - default: no + default: false ignore_timestamps: description: @@ -233,13 +233,13 @@ options: I(invalidity_date) in I(revoked_certificates) will never be ignored. - Use this in combination with relative timestamps for these values to get idempotency. type: bool - default: no + default: false return_content: description: - - If set to C(yes), will return the (current or generated) CRL's content as I(crl). + - If set to C(true), will return the (current or generated) CRL's content as I(crl). type: bool - default: no + default: false extends_documentation_fragment: - files @@ -281,7 +281,7 @@ filename: sample: /path/to/my-ca.crl backup_file: description: Name of backup file created. - returned: changed and if I(backup) is C(yes) + returned: changed and if I(backup) is C(true) type: str sample: /path/to/my-ca.crl.2019-03-09@11:22~ privatekey: @@ -348,7 +348,7 @@ revoked_certificates: issuer_critical: description: Whether the certificate issuer extension is critical. type: bool - sample: no + sample: false reason: description: - The value for the revocation reason extension. @@ -360,7 +360,7 @@ revoked_certificates: reason_critical: description: Whether the revocation reason extension is critical. type: bool - sample: no + sample: false invalidity_date: description: | The point in time it was known/suspected that the private key was compromised @@ -370,13 +370,13 @@ revoked_certificates: invalidity_date_critical: description: Whether the invalidity date extension is critical. type: bool - sample: no + sample: false crl: description: - The (current or generated) CRL's content. - Will be the CRL itself if I(format) is C(pem), and Base64 of the CRL if I(format) is C(der). - returned: if I(state) is C(present) and I(return_content) is C(yes) + returned: if I(state) is C(present) and I(return_content) is C(true) type: str ''' diff --git a/plugins/modules/x509_crl_info.py b/plugins/modules/x509_crl_info.py index 57156fe9..c3d335f0 100644 --- a/plugins/modules/x509_crl_info.py +++ b/plugins/modules/x509_crl_info.py @@ -129,7 +129,7 @@ revoked_certificates: issuer_critical: description: Whether the certificate issuer extension is critical. type: bool - sample: no + sample: false reason: description: - The value for the revocation reason extension. @@ -141,7 +141,7 @@ revoked_certificates: reason_critical: description: Whether the revocation reason extension is critical. type: bool - sample: no + sample: false invalidity_date: description: | The point in time it was known/suspected that the private key was compromised @@ -151,7 +151,7 @@ revoked_certificates: invalidity_date_critical: description: Whether the invalidity date extension is critical. type: bool - sample: no + sample: false '''