Convert yes/no to true/false. (#503)

docs/docsite/rst/guide_ownca.rst

@@ -34,7 +34,7 @@ The following instructions show how to set up a simple self-signed CA certificat
         use_common_name_for_san: false  # since we do not specify SANs, don't use CN as a SAN
         basic_constraints:
           - 'CA:TRUE'
-        basic_constraints_critical: yes
+        basic_constraints_critical: true
         key_usage:
           - keyCertSign
         key_usage_critical: true

plugins/doc_fragments/acme.py

@@ -114,10 +114,10 @@ options:
   validate_certs:
     description:
       - Whether calls to the ACME directory will validate TLS certificates.
-      - "B(Warning:) Should B(only ever) be set to C(no) for testing purposes,
+      - "B(Warning:) Should B(only ever) be set to C(false) for testing purposes,
          for example when testing against a local Pebble server."
     type: bool
-    default: yes
+    default: true
   select_crypto_backend:
     description:
       - Determines which crypto backend to use.

plugins/doc_fragments/module_certificate.py

@@ -23,7 +23,7 @@ options:
         description:
             - Generate the certificate, even if it already exists.
         type: bool
-        default: no
+        default: false
 
     csr_path:
         description:
@@ -110,9 +110,9 @@ options:
             - Include the intermediate certificate to the generated certificate
             - This is only used by the C(acme) provider.
             - Note that this is only available for older versions of C(acme-tiny).
-              New versions include the chain automatically, and setting I(acme_chain) to C(yes) results in an error.
+              New versions include the chain automatically, and setting I(acme_chain) to C(true) results in an error.
         type: bool
-        default: no
+        default: false
 
     acme_directory:
         description:
@@ -314,7 +314,7 @@ options:
             - This is only used by the C(ownca) provider.
             - Note that this is only supported if the C(cryptography) backend is used!
         type: bool
-        default: yes
+        default: true
 '''
 
     BACKEND_SELFSIGNED_DOCUMENTATION = r'''

plugins/doc_fragments/module_csr.py

@@ -122,10 +122,10 @@ options:
         aliases: [ subjectAltName_critical ]
     use_common_name_for_san:
         description:
-            - If set to C(yes), the module will fill the common name in for
+            - If set to C(true), the module will fill the common name in for
               C(subject_alt_name) with C(DNS:) prefix if no SAN is specified.
         type: bool
-        default: yes
+        default: true
         aliases: [ useCommonNameForSAN ]
     key_usage:
         description:
@@ -219,7 +219,7 @@ options:
                certificates or for own CAs."
             - Note that this is only supported if the C(cryptography) backend is used!
         type: bool
-        default: no
+        default: false
     subject_key_identifier:
         description:
             - The subject key identifier as a hex string, where two bytes are separated by colons.
@@ -227,7 +227,7 @@ options:
             - "Please note that commercial CAs ignore this value, respectively use a value of their
                own choice. Specifying this option is mostly useful for self-signed certificates
                or for own CAs."
-            - Note that this option can only be used if I(create_subject_key_identifier) is C(no).
+            - Note that this option can only be used if I(create_subject_key_identifier) is C(false).
             - Note that this is only supported if the C(cryptography) backend is used!
         type: str
     authority_key_identifier:

plugins/doc_fragments/module_privatekey.py

@@ -129,7 +129,7 @@ options:
               is protected by an unknown passphrase, or when they key is not protected by a passphrase,
               but a passphrase is specified. Make sure you have a B(backup) when using this option!
             - If set to C(always), the module will always regenerate the key. This is equivalent to
-              setting I(force) to C(yes).
+              setting I(force) to C(true).
             - Note that if I(format_mismatch) is set to C(convert) and everything matches except the
               format, the key will always be converted, except if I(regenerate) is set to C(always).
         type: str

plugins/module_utils/crypto/module_backends/privatekey.py

@@ -175,7 +175,7 @@ class PrivateKeyBackend:
                 return True
             self.module.fail_json(msg='Unable to read the key. The key is protected with a another passphrase / no passphrase or broken.'
                                   ' Will not proceed. To force regeneration, call the module with `generate`'
-                                  ' set to `full_idempotence` or `always`, or with `force=yes`.')
+                                  ' set to `full_idempotence` or `always`, or with `force=true`.')
         self._ensure_existing_private_key_loaded()
         if self.regenerate != 'never':
             if not self._check_size_and_type():
@@ -183,7 +183,7 @@ class PrivateKeyBackend:
                     return True
                 self.module.fail_json(msg='Key has wrong type and/or size.'
                                       ' Will not proceed. To force regeneration, call the module with `generate`'
-                                      ' set to `partial_idempotence`, `full_idempotence` or `always`, or with `force=yes`.')
+                                      ' set to `partial_idempotence`, `full_idempotence` or `always`, or with `force=true`.')
         # During generation step, regenerate if format does not match and format_mismatch == 'regenerate'
         if self.format_mismatch == 'regenerate' and self.regenerate != 'never':
             if not self._check_format():
@@ -191,7 +191,7 @@ class PrivateKeyBackend:
                     return True
                 self.module.fail_json(msg='Key has wrong format.'
                                       ' Will not proceed. To force regeneration, call the module with `generate`'
-                                      ' set to `partial_idempotence`, `full_idempotence` or `always`, or with `force=yes`.'
+                                      ' set to `partial_idempotence`, `full_idempotence` or `always`, or with `force=true`.'
                                       ' To convert the key, set `format_mismatch` to `convert`.')
         return False
 

plugins/module_utils/openssh/backends/keypair_backend.py

@@ -152,7 +152,7 @@ class KeypairBackend(OpensshModule):
             self.module.fail_json(
                 msg="Unable to read the key. The key is protected with a passphrase or broken. " +
                     "Will not proceed. To force regeneration, call the module with `generate` " +
-                    "set to `full_idempotence` or `always`, or with `force=yes`."
+                    "set to `full_idempotence` or `always`, or with `force=true`."
             )
 
     @abc.abstractmethod
@@ -167,7 +167,7 @@ class KeypairBackend(OpensshModule):
                 self.module.fail_json(
                     msg="Key has wrong type and/or size. Will not proceed. " +
                         "To force regeneration, call the module with `generate` set to " +
-                        "`partial_idempotence`, `full_idempotence` or `always`, or with `force=yes`."
+                        "`partial_idempotence`, `full_idempotence` or `always`, or with `force=true`."
                 )
             return self.original_private_key is None
         elif self.regenerate in ('partial_idempotence', 'full_idempotence'):

plugins/modules/acme_account.py

@@ -57,7 +57,7 @@ options:
     description:
       - "Whether account creation is allowed (when state is C(present))."
     type: bool
-    default: yes
+    default: true
   contact:
     description:
       - "A list of contact URLs."
@@ -74,7 +74,7 @@ options:
       - "Boolean indicating whether you agree to the terms of service document."
       - "ACME servers can require this to be true."
     type: bool
-    default: no
+    default: false
   new_account_key_src:
     description:
       - "Path to a file containing the ACME account RSA or Elliptic Curve key to change to."
@@ -129,7 +129,7 @@ EXAMPLES = '''
   community.crypto.acme_account:
     account_key_src: /etc/pki/cert/private/account.key
     state: present
-    terms_agreed: yes
+    terms_agreed: true
     contact:
     - mailto:me@example.com
     - mailto:myself@example.org
@@ -138,7 +138,7 @@ EXAMPLES = '''
   community.crypto.acme_account:
     account_key_src: /etc/pki/cert/private/account.key
     state: present
-    allow_creation: no
+    allow_creation: false
     contact:
     - mailto:me@example.com
 

plugins/modules/acme_certificate.py

@@ -85,7 +85,7 @@ options:
     description:
       - "The email address associated with this account."
       - "It will be used for certificate expiration warnings."
-      - "Note that when C(modify_account) is not set to C(no) and you also
+      - "Note that when C(modify_account) is not set to C(false) and you also
          used the M(community.crypto.acme_account) module to specify more than one contact
          for your account, this module will update your account and restrict
          it to the (at most one) contact email address specified here."
@@ -103,17 +103,17 @@ options:
       - "ACME servers can require this to be true."
       - This option will only be used when C(acme_version) is not 1.
     type: bool
-    default: no
+    default: false
   modify_account:
     description:
       - "Boolean indicating whether the module should create the account if
          necessary, and update its contact data."
-      - "Set to C(no) if you want to use the M(community.crypto.acme_account) module to manage
+      - "Set to C(false) if you want to use the M(community.crypto.acme_account) module to manage
          your account instead, and to avoid accidental creation of a new account
          using an old key if you changed the account key with M(community.crypto.acme_account)."
-      - "If set to C(no), C(terms_agreed) and C(account_email) are ignored."
+      - "If set to C(false), C(terms_agreed) and C(account_email) are ignored."
     type: bool
-    default: yes
+    default: true
   challenge:
     description: The challenge to be performed.
     type: str
@@ -200,7 +200,7 @@ options:
          without having to re-authenticate the domain. This can be a security
          concern."
     type: bool
-    default: no
+    default: false
   force:
     description:
       - Enforces the execution of the challenge and validation, even if an
@@ -208,15 +208,15 @@ options:
       - This is especially helpful when having an updated CSR, for example with
         additional domains for which a new certificate is desired.
     type: bool
-    default: no
+    default: false
   retrieve_all_alternates:
     description:
-      - "When set to C(yes), will retrieve all alternate trust chains offered by the ACME CA.
+      - "When set to C(true), will retrieve all alternate trust chains offered by the ACME CA.
          These will not be written to disk, but will be returned together with the main
          chain as C(all_chains). See the documentation for the C(all_chains) return
          value for details."
     type: bool
-    default: no
+    default: false
   select_chain:
     description:
       - "Allows to specify criteria by which an (alternate) trust chain can be selected."
@@ -351,7 +351,7 @@ EXAMPLES = r'''
 #     type: TXT
 #     ttl: 60
 #     state: present
-#     wait: yes
+#     wait: true
 #     # Note: route53 requires TXT entries to be enclosed in quotes
 #     value: "{{ sample_com_challenge.challenge_data['sample.com']['dns-01'].resource_value | regex_replace('^(.*)$', '\"\\1\"') }}"
 #   when: sample_com_challenge is changed and 'sample.com' in sample_com_challenge.challenge_data
@@ -364,7 +364,7 @@ EXAMPLES = r'''
 #     type: TXT
 #     ttl: 60
 #     state: present
-#     wait: yes
+#     wait: true
 #     # Note: item.value is a list of TXT entries, and route53
 #     # requires every entry to be enclosed in quotes
 #     value: "{{ item.value | map('regex_replace', '^(.*)$', '\"\\1\"' ) | list }}"
@@ -496,11 +496,11 @@ account_uri:
   type: str
 all_chains:
   description:
-    - When I(retrieve_all_alternates) is set to C(yes), the module will query the ACME server
+    - When I(retrieve_all_alternates) is set to C(true), the module will query the ACME server
       for alternate chains. This return value will contain a list of all chains returned,
       the first entry being the main chain returned by the server.
     - See L(Section 7.4.2 of RFC8555,https://tools.ietf.org/html/rfc8555#section-7.4.2) for details.
-  returned: when certificate was retrieved and I(retrieve_all_alternates) is set to C(yes)
+  returned: when certificate was retrieved and I(retrieve_all_alternates) is set to C(true)
   type: list
   elements: dict
   contains:

plugins/modules/acme_certificate_revoke.py

@@ -45,7 +45,7 @@ options:
     description:
       - "Path to the certificate to revoke."
     type: path
-    required: yes
+    required: true
   account_key_src:
     description:
       - "Path to a file containing the ACME account RSA or Elliptic Curve

plugins/modules/acme_challenge_cert_helper.py

@@ -33,7 +33,7 @@ options:
     description:
       - "The challenge type."
     type: str
-    required: yes
+    required: true
     choices:
     - tls-alpn-01
   challenge_data:
@@ -41,7 +41,7 @@ options:
       - "The C(challenge_data) entry provided by M(community.crypto.acme_certificate) for the
          challenge."
     type: dict
-    required: yes
+    required: true
   private_key_src:
     description:
       - "Path to a file containing the private key file to use for this challenge

plugins/modules/acme_inspect.py

@@ -76,7 +76,7 @@ options:
       - "If I(method) is C(post) or C(get), make the module fail in case an ACME
          error is returned."
     type: bool
-    default: yes
+    default: true
 '''
 
 EXAMPLES = r'''

plugins/modules/certificate_complete_chain.py

@@ -32,7 +32,7 @@ options:
             - A concatenated set of certificates in PEM format forming a chain.
             - The module will try to complete this chain.
         type: str
-        required: yes
+        required: true
     root_certificates:
         description:
             - "A list of filenames or directories."
@@ -45,7 +45,7 @@ options:
             - "Symbolic links will be followed."
         type: list
         elements: path
-        required: yes
+        required: true
     intermediate_certificates:
         description:
             - "A list of filenames or directories."

plugins/modules/luks_device.py

@@ -109,7 +109,7 @@ options:
               community.crypto 1.4.0. For older versions, trying to remove
               a key which no longer exists results in an error."
             - "NOTE that to remove the last key from a LUKS container, the
-              I(force_remove_last_key) option must be set to C(yes)."
+              I(force_remove_last_key) option must be set to C(true)."
             - "BEWARE that working with keyfiles in plaintext is dangerous.
               Make sure that they are protected."
         type: path
@@ -122,16 +122,16 @@ options:
               a passphrase which no longer exists results in an error."
             - "NOTE that to remove the last keyslot from a LUKS
               container, the I(force_remove_last_key) option must be set
-              to C(yes)."
+              to C(true)."
         type: str
         version_added: '1.0.0'
     force_remove_last_key:
         description:
-            - "If set to C(yes), allows removing the last key from a container."
+            - "If set to C(true), allows removing the last key from a container."
             - "BEWARE that when the last key has been removed from a container,
               the container can no longer be opened!"
         type: bool
-        default: no
+        default: false
     label:
         description:
             - "This option allow the user to create a LUKS2 format container
@@ -665,7 +665,7 @@ class CryptHandler(Handler):
             if keyslot_count < 2:
                 self._module.fail_json(msg="LUKS device %s has less than two active keyslots. "
                                            "To be able to remove a key, please set "
-                                           "`force_remove_last_key` to `yes`." % device)
+                                           "`force_remove_last_key` to `true`." % device)
 
         args = [self._cryptsetup_bin, 'luksRemoveKey', device, '-q']
         if keyfile:

plugins/modules/openssh_keypair.py

@@ -107,7 +107,7 @@ options:
               is protected by an unknown passphrase, or when they key is not protected by a passphrase,
               but a passphrase is specified. Make sure you have a B(backup) when using this option!
             - If set to C(always), the module will always regenerate the key. This is equivalent to
-              setting I(force) to C(yes).
+              setting I(force) to C(true).
             - Note that adjusting the comment and the permissions can be changed without regeneration.
               Therefore, even for C(never), the task can result in changed.
         type: str
@@ -121,7 +121,7 @@ options:
         version_added: '1.0.0'
 notes:
     - In case the ssh key is broken or password protected, the module will fail.
-      Set the I(force) option to C(yes) if you want to regenerate the keypair.
+      Set the I(force) option to C(true) if you want to regenerate the keypair.
     - Supports C(check_mode).
     - In the case a custom C(mode), C(group), C(owner), or other file attribute is provided it will be applied to both key files.
 

plugins/modules/openssl_csr.py

@@ -32,7 +32,7 @@ options:
         description:
             - Should the certificate signing request be forced regenerated by this ansible module.
         type: bool
-        default: no
+        default: false
     path:
         description:
             - The name of the file into which the generated OpenSSL certificate signing request will be written.
@@ -43,12 +43,12 @@ options:
             - Create a backup file including a timestamp so you can get the original
               CSR back if you overwrote it with a new one by accident.
         type: bool
-        default: no
+        default: false
     return_content:
         description:
-            - If set to C(yes), will return the (current or generated) CSR's content as I(csr).
+            - If set to C(true), will return the (current or generated) CSR's content as I(csr).
         type: bool
-        default: no
+        default: false
         version_added: "1.0.0"
     privatekey_content:
         version_added: "1.0.0"
@@ -114,7 +114,7 @@ EXAMPLES = r'''
   community.crypto.openssl_csr:
     path: /etc/ssl/csr/www.ansible.com.csr
     privatekey_path: /etc/ssl/private/ansible.com.pem
-    force: yes
+    force: true
     common_name: www.ansible.com
 
 - name: Generate an OpenSSL Certificate Signing Request with special key usages
@@ -133,7 +133,7 @@ EXAMPLES = r'''
     path: /etc/ssl/csr/www.ansible.com.csr
     privatekey_path: /etc/ssl/private/ansible.com.pem
     common_name: www.ansible.com
-    ocsp_must_staple: yes
+    ocsp_must_staple: true
 
 - name: Generate an OpenSSL Certificate Signing Request for WinRM Certificate authentication
   community.crypto.openssl_csr:
@@ -225,12 +225,12 @@ name_constraints_excluded:
     version_added: 1.1.0
 backup_file:
     description: Name of backup file created.
-    returned: changed and if I(backup) is C(yes)
+    returned: changed and if I(backup) is C(true)
     type: str
     sample: /path/to/www.ansible.com.csr.2019-03-09@11:22~
 csr:
     description: The (current or generated) CSR's content.
-    returned: if I(state) is C(present) and I(return_content) is C(yes)
+    returned: if I(state) is C(present) and I(return_content) is C(true)
     type: str
     version_added: "1.0.0"
 '''

plugins/modules/openssl_csr_info.py

@@ -74,7 +74,7 @@ RETURN = r'''
 signature_valid:
     description:
         - Whether the CSR's signature is valid.
-        - In case the check returns C(no), the module will fail.
+        - In case the check returns C(false), the module will fail.
     returned: success
     type: bool
 basic_constraints:
@@ -140,7 +140,7 @@ subject_alt_name_critical:
     returned: success
     type: bool
 ocsp_must_staple:
-    description: C(yes) if the OCSP Must Staple extension is present, C(none) otherwise.
+    description: C(true) if the OCSP Must Staple extension is present, C(none) otherwise.
     returned: success
     type: bool
 ocsp_must_staple_critical:

plugins/modules/openssl_dhparam.py

@@ -44,7 +44,7 @@ options:
         description:
             - Should the parameters be regenerated even it it already exists.
         type: bool
-        default: no
+        default: false
     path:
         description:
             - Name of the file in which the generated parameters will be saved.
@@ -55,7 +55,7 @@ options:
             - Create a backup file including a timestamp so you can get the original
               DH params back if you overwrote them with new ones by accident.
         type: bool
-        default: no
+        default: false
     select_crypto_backend:
         description:
             - Determines which crypto backend to use.
@@ -68,9 +68,9 @@ options:
         version_added: "1.0.0"
     return_content:
         description:
-            - If set to C(yes), will return the (current or generated) DH parameter's content as I(dhparams).
+            - If set to C(true), will return the (current or generated) DH parameter's content as I(dhparams).
         type: bool
-        default: no
+        default: false
         version_added: "1.0.0"
 notes:
 - Supports C(check_mode).
@@ -97,7 +97,7 @@ EXAMPLES = r'''
 - name: Force regenerate an DH parameters if they already exist
   community.crypto.openssl_dhparam:
     path: /etc/ssl/dhparams.pem
-    force: yes
+    force: true
 '''
 
 RETURN = r'''
@@ -113,12 +113,12 @@ filename:
     sample: /etc/ssl/dhparams.pem
 backup_file:
     description: Name of backup file created.
-    returned: changed and if I(backup) is C(yes)
+    returned: changed and if I(backup) is C(true)
     type: str
     sample: /path/to/dhparams.pem.2019-03-09@11:22~
 dhparams:
     description: The (current or generated) DH params' content.
-    returned: if I(state) is C(present) and I(return_content) is C(yes)
+    returned: if I(state) is C(present) and I(return_content) is C(true)
     type: str
     version_added: "1.0.0"
 '''

plugins/modules/openssl_pkcs12.py

@@ -56,7 +56,7 @@ options:
         description:
             - Should the file be regenerated even if it already exists.
         type: bool
-        default: no
+        default: false
     friendly_name:
         description:
             - Specifies the friendly name for the certificate and private key.
@@ -117,12 +117,12 @@ options:
             - Create a backup file including a timestamp so you can get the original
               output file back if you overwrote it with a new one by accident.
         type: bool
-        default: no
+        default: false
     return_content:
         description:
-            - If set to C(yes), will return the (current or generated) PKCS#12's content as I(pkcs12).
+            - If set to C(true), will return the (current or generated) PKCS#12's content as I(pkcs12).
         type: bool
-        default: no
+        default: false
         version_added: "1.0.0"
     select_crypto_backend:
         description:
@@ -203,7 +203,7 @@ EXAMPLES = r'''
     other_certificates: /opt/certs/ca.pem
     state: present
     mode: '0600'
-    force: yes
+    force: true
 
 - name: Dump/Parse PKCS#12 file
   community.crypto.openssl_pkcs12:
@@ -231,12 +231,12 @@ privatekey:
     sample: /etc/ssl/private/ansible.com.pem
 backup_file:
     description: Name of backup file created.
-    returned: changed and if I(backup) is C(yes)
+    returned: changed and if I(backup) is C(true)
     type: str
     sample: /path/to/ansible.com.pem.2019-03-09@11:22~
 pkcs12:
     description: The (current or generated) PKCS#12's content Base64 encoded.
-    returned: if I(state) is C(present) and I(return_content) is C(yes)
+    returned: if I(state) is C(present) and I(return_content) is C(true)
     type: str
     version_added: "1.0.0"
 '''

plugins/modules/openssl_privatekey.py

@@ -30,7 +30,7 @@ options:
         description:
             - Should the key be regenerated even if it already exists.
         type: bool
-        default: no
+        default: false
     path:
         description:
             - Name of the file in which the generated TLS/SSL private key will be written. It will have C(0600) mode
@@ -46,16 +46,16 @@ options:
             - Create a backup file including a timestamp so you can get
               the original private key back if you overwrote it with a new one by accident.
         type: bool
-        default: no
+        default: false
     return_content:
         description:
-            - If set to C(yes), will return the (current or generated) private key's content as I(privatekey).
+            - If set to C(true), will return the (current or generated) private key's content as I(privatekey).
             - Note that especially if the private key is not encrypted, you have to make sure that the returned
               value is treated appropriately and not accidentally written to logs etc.! Use with care!
             - Use Ansible's I(no_log) task option to avoid the output being shown. See also
               U(https://docs.ansible.com/ansible/latest/reference_appendices/faq.html#how-do-i-keep-secret-data-in-my-playbook).
         type: bool
-        default: no
+        default: false
         version_added: '1.0.0'
     regenerate:
         version_added: '1.0.0'
@@ -86,7 +86,7 @@ EXAMPLES = r'''
 - name: Force regenerate an OpenSSL private key if it already exists
   community.crypto.openssl_privatekey:
     path: /etc/ssl/private/ansible.com.pem
-    force: yes
+    force: true
 
 - name: Generate an OpenSSL private key with a different algorithm (DSA)
   community.crypto.openssl_privatekey:
@@ -129,14 +129,14 @@ fingerprint:
       sha512: "fd:ed:5e:39:48:5f:9f:fe:7f:25:06:3f:79:08:cd:ee:a5:e7:b3:3d:13:82:87:1f:84:e1:f5:c7:28:77:53:94:86:56:38:69:f0:d9:35:22:01:1e:a6:60:...:0f:9b"
 backup_file:
     description: Name of backup file created.
-    returned: changed and if I(backup) is C(yes)
+    returned: changed and if I(backup) is C(true)
     type: str
     sample: /path/to/privatekey.pem.2019-03-09@11:22~
 privatekey:
     description:
         - The (current or generated) private key's content.
         - Will be Base64-encoded if the key is in raw format.
-    returned: if I(state) is C(present) and I(return_content) is C(yes)
+    returned: if I(state) is C(present) and I(return_content) is C(true)
     type: str
     version_added: '1.0.0'
 '''

plugins/modules/openssl_privatekey_convert.py

@@ -50,7 +50,7 @@ EXAMPLES = r'''
 RETURN = r'''
 backup_file:
     description: Name of backup file created.
-    returned: changed and if I(backup) is C(yes)
+    returned: changed and if I(backup) is C(true)
     type: str
     sample: /path/to/privatekey.pem.2019-03-09@11:22~
 '''

plugins/modules/openssl_privatekey_info.py

@@ -44,11 +44,11 @@ options:
     return_private_key_data:
         description:
             - Whether to return private key data.
-            - Only set this to C(yes) when you want private information about this key to
+            - Only set this to C(true) when you want private information about this key to
               leave the remote machine.
             - "B(WARNING:) you have to make sure that private key data is not accidentally logged!"
         type: bool
-        default: no
+        default: false
     check_consistency:
         description:
             - Whether to check consistency of the private key.
@@ -104,9 +104,9 @@ can_parse_key:
     type: bool
 key_is_consistent:
     description:
-        - Whether the key is consistent. Can also return C(none) next to C(yes) and
+        - Whether the key is consistent. Can also return C(none) next to C(true) and
-          C(no), to indicate that consistency could not be checked.
+          C(false), to indicate that consistency could not be checked.
-        - In case the check returns C(no), the module will fail.
+        - In case the check returns C(false), the module will fail.
     returned: when I(check_consistency=true)
     type: bool
 public_key:
@@ -194,7 +194,7 @@ public_data:
 private_data:
     description:
         - Private key data. Depends on key type.
-    returned: success and when I(return_private_key_data) is set to C(yes)
+    returned: success and when I(return_private_key_data) is set to C(true)
     type: dict
 '''
 

plugins/modules/openssl_publickey.py

@@ -34,7 +34,7 @@ options:
         description:
             - Should the key be regenerated even it it already exists.
         type: bool
-        default: no
+        default: false
     format:
         description:
             - The format of the public key.
@@ -68,7 +68,7 @@ options:
             - Create a backup file including a timestamp so you can get the original
               public key back if you overwrote it with a different one by accident.
         type: bool
-        default: no
+        default: false
     select_crypto_backend:
         description:
             - Determines which crypto backend to use.
@@ -79,9 +79,9 @@ options:
         choices: [ auto, cryptography ]
     return_content:
         description:
-            - If set to C(yes), will return the (current or generated) public key's content as I(publickey).
+            - If set to C(true), will return the (current or generated) public key's content as I(publickey).
         type: bool
-        default: no
+        default: false
         version_added: '1.0.0'
 extends_documentation_fragment:
 - files
@@ -123,7 +123,7 @@ EXAMPLES = r'''
   community.crypto.openssl_publickey:
     path: /etc/ssl/public/ansible.com.pem
     privatekey_path: /etc/ssl/private/ansible.com.pem
-    force: yes
+    force: true
 
 - name: Remove an OpenSSL public key
   community.crypto.openssl_publickey:
@@ -163,12 +163,12 @@ fingerprint:
       sha512: "fd:ed:5e:39:48:5f:9f:fe:7f:25:06:3f:79:08:cd:ee:a5:e7:b3:3d:13:82:87:1f:84:e1:f5:c7:28:77:53:94:86:56:38:69:f0:d9:35:22:01:1e:a6:60:...:0f:9b"
 backup_file:
     description: Name of backup file created.
-    returned: changed and if I(backup) is C(yes)
+    returned: changed and if I(backup) is C(true)
     type: str
     sample: /path/to/publickey.pem.2019-03-09@11:22~
 publickey:
     description: The (current or generated) public key's content.
-    returned: if I(state) is C(present) and I(return_content) is C(yes)
+    returned: if I(state) is C(present) and I(return_content) is C(true)
     type: str
     version_added: '1.0.0'
 '''

plugins/modules/x509_certificate.py

@@ -59,9 +59,9 @@ options:
 
     return_content:
         description:
-            - If set to C(yes), will return the (current or generated) certificate's content as I(certificate).
+            - If set to C(true), will return the (current or generated) certificate's content as I(certificate).
         type: bool
-        default: no
+        default: false
         version_added: '1.0.0'
 
     backup:
@@ -69,7 +69,7 @@ options:
             - Create a backup file including a timestamp so you can get the original
               certificate back if you overwrote it with a new one by accident.
         type: bool
-        default: no
+        default: false
 
     csr_content:
         version_added: '1.0.0'
@@ -128,7 +128,7 @@ EXAMPLES = r'''
     provider: acme
     acme_accountkey_path: /etc/ssl/private/ansible.com.pem
     acme_challenge_path: /etc/ssl/challenges/ansible.com/
-    force: yes
+    force: true
 
 - name: Generate an Entrust certificate via the Entrust Certificate Services (ECS) API
   community.crypto.x509_certificate:
@@ -216,12 +216,12 @@ filename:
     sample: /etc/ssl/crt/www.ansible.com.crt
 backup_file:
     description: Name of backup file created.
-    returned: changed and if I(backup) is C(yes)
+    returned: changed and if I(backup) is C(true)
     type: str
     sample: /path/to/www.ansible.com.crt.2019-03-09@11:22~
 certificate:
     description: The (current or generated) certificate's content.
-    returned: if I(state) is C(present) and I(return_content) is C(yes)
+    returned: if I(state) is C(present) and I(return_content) is C(true)
     type: str
     version_added: '1.0.0'
 '''

plugins/modules/x509_certificate_info.py

@@ -184,7 +184,7 @@ subject_alt_name_critical:
     returned: success
     type: bool
 ocsp_must_staple:
-    description: C(yes) if the OCSP Must Staple extension is present, C(none) otherwise.
+    description: C(true) if the OCSP Must Staple extension is present, C(none) otherwise.
     returned: success
     type: bool
 ocsp_must_staple_critical:

plugins/modules/x509_crl.py

@@ -38,7 +38,7 @@ options:
             - If set to C(update), makes sure that the CRL contains the revoked certificates from
               I(revoked_certificates), but can also contain other revoked certificates. If the CRL file
               already exists, all entries from the existing CRL will also be included in the new CRL.
-              When using C(update), you might be interested in setting I(ignore_timestamps) to C(yes).
+              When using C(update), you might be interested in setting I(ignore_timestamps) to C(true).
         type: str
         default: generate
         choices: [ generate, update ]
@@ -47,20 +47,20 @@ options:
         description:
             - Should the CRL be forced to be regenerated.
         type: bool
-        default: no
+        default: false
 
     backup:
         description:
             - Create a backup file including a timestamp so you can get the original
               CRL back if you overwrote it with a new one by accident.
         type: bool
-        default: no
+        default: false
 
     path:
         description:
             - Remote absolute path where the generated CRL file should be created or is already located.
         type: path
-        required: yes
+        required: true
 
     format:
         description:
@@ -117,7 +117,7 @@ options:
             - Valid format is C([+-]timespec | ASN.1 TIME) where timespec can be an integer
               + C([w | d | h | m | s]) (for example C(+32w1d2h)).
             - Note that if using relative time this module is NOT idempotent, except when
-              I(ignore_timestamps) is set to C(yes).
+              I(ignore_timestamps) is set to C(true).
         type: str
         default: "+0s"
 
@@ -130,7 +130,7 @@ options:
             - Valid format is C([+-]timespec | ASN.1 TIME) where timespec can be an integer
               + C([w | d | h | m | s]) (for example C(+32w1d2h)).
             - Note that if using relative time this module is NOT idempotent, except when
-              I(ignore_timestamps) is set to C(yes).
+              I(ignore_timestamps) is set to C(true).
             - Required if I(state) is C(present).
         type: str
 
@@ -175,7 +175,7 @@ options:
                     - Valid format is C([+-]timespec | ASN.1 TIME) where timespec can be an integer
                       + C([w | d | h | m | s]) (for example C(+32w1d2h)).
                     - Note that if using relative time this module is NOT idempotent, except when
-                      I(ignore_timestamps) is set to C(yes).
+                      I(ignore_timestamps) is set to C(true).
                 type: str
                 default: "+0s"
             issuer:
@@ -188,7 +188,7 @@ options:
                 description:
                     - Whether the certificate issuer extension should be critical.
                 type: bool
-                default: no
+                default: false
             reason:
                 description:
                     - The value for the revocation reason extension.
@@ -208,7 +208,7 @@ options:
                 description:
                     - Whether the revocation reason extension should be critical.
                 type: bool
-                default: no
+                default: false
             invalidity_date:
                 description:
                     - The point in time it was known/suspected that the private key was compromised
@@ -218,13 +218,13 @@ options:
                     - Valid format is C([+-]timespec | ASN.1 TIME) where timespec can be an integer
                       + C([w | d | h | m | s]) (for example C(+32w1d2h)).
                     - Note that if using relative time this module is NOT idempotent. This will NOT
-                      change when I(ignore_timestamps) is set to C(yes).
+                      change when I(ignore_timestamps) is set to C(true).
                 type: str
             invalidity_date_critical:
                 description:
                     - Whether the invalidity date extension should be critical.
                 type: bool
-                default: no
+                default: false
 
     ignore_timestamps:
         description:
@@ -233,13 +233,13 @@ options:
               I(invalidity_date) in I(revoked_certificates) will never be ignored.
             - Use this in combination with relative timestamps for these values to get idempotency.
         type: bool
-        default: no
+        default: false
 
     return_content:
         description:
-            - If set to C(yes), will return the (current or generated) CRL's content as I(crl).
+            - If set to C(true), will return the (current or generated) CRL's content as I(crl).
         type: bool
-        default: no
+        default: false
 
 extends_documentation_fragment:
     - files
@@ -281,7 +281,7 @@ filename:
     sample: /path/to/my-ca.crl
 backup_file:
     description: Name of backup file created.
-    returned: changed and if I(backup) is C(yes)
+    returned: changed and if I(backup) is C(true)
     type: str
     sample: /path/to/my-ca.crl.2019-03-09@11:22~
 privatekey:
@@ -348,7 +348,7 @@ revoked_certificates:
         issuer_critical:
             description: Whether the certificate issuer extension is critical.
             type: bool
-            sample: no
+            sample: false
         reason:
             description:
                 - The value for the revocation reason extension.
@@ -360,7 +360,7 @@ revoked_certificates:
         reason_critical:
             description: Whether the revocation reason extension is critical.
             type: bool
-            sample: no
+            sample: false
         invalidity_date:
             description: |
                 The point in time it was known/suspected that the private key was compromised
@@ -370,13 +370,13 @@ revoked_certificates:
         invalidity_date_critical:
             description: Whether the invalidity date extension is critical.
             type: bool
-            sample: no
+            sample: false
 crl:
     description:
         - The (current or generated) CRL's content.
         - Will be the CRL itself if I(format) is C(pem), and Base64 of the
           CRL if I(format) is C(der).
-    returned: if I(state) is C(present) and I(return_content) is C(yes)
+    returned: if I(state) is C(present) and I(return_content) is C(true)
     type: str
 '''
 

plugins/modules/x509_crl_info.py

@@ -129,7 +129,7 @@ revoked_certificates:
         issuer_critical:
             description: Whether the certificate issuer extension is critical.
             type: bool
-            sample: no
+            sample: false
         reason:
             description:
                 - The value for the revocation reason extension.
@@ -141,7 +141,7 @@ revoked_certificates:
         reason_critical:
             description: Whether the revocation reason extension is critical.
             type: bool
-            sample: no
+            sample: false
         invalidity_date:
             description: |
                 The point in time it was known/suspected that the private key was compromised
@@ -151,7 +151,7 @@ revoked_certificates:
         invalidity_date_critical:
             description: Whether the invalidity date extension is critical.
             type: bool
-            sample: no
+            sample: false
 '''