a-c-m
/
community.crypto
mirror of https://github.com/ansible-collections/community.crypto.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Convert yes/no to true/false. (#503)

pull/504/head
Felix Fontein 2022-08-23 21:33:29 +02:00 committed by GitHub
parent ed03b1aa7f
commit 0e15d6cea8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
27 changed files with 121 additions and 121 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/docsite/rst/guide_ownca.rst
View File

@ -34,7 +34,7 @@ The following instructions show how to set up a simple self-signed CA certificat
use_common_name_for_san: false # since we do not specify SANs, don't use CN as a SAN
basic_constraints:
- 'CA:TRUE'
basic_constraints_critical: yes
basic_constraints_critical: true
key_usage:
- keyCertSign
key_usage_critical: true

4
plugins/doc_fragments/acme.py
View File

@ -114,10 +114,10 @@ options:
validate_certs:
description:
- Whether calls to the ACME directory will validate TLS certificates.
- "B(Warning:) Should B(only ever) be set to C(no) for testing purposes,
- "B(Warning:) Should B(only ever) be set to C(false) for testing purposes,
for example when testing against a local Pebble server."
type: bool
default: yes
default: true
select_crypto_backend:
description:
- Determines which crypto backend to use.

8
plugins/doc_fragments/module_certificate.py
View File

@ -23,7 +23,7 @@ options:
description:
- Generate the certificate, even if it already exists.
type: bool
default: no
default: false
csr_path:
description:
@ -110,9 +110,9 @@ options:
- Include the intermediate certificate to the generated certificate
- This is only used by the C(acme) provider.
- Note that this is only available for older versions of C(acme-tiny).
New versions include the chain automatically, and setting I(acme_chain) to C(yes) results in an error.
New versions include the chain automatically, and setting I(acme_chain) to C(true) results in an error.
type: bool
default: no
default: false
acme_directory:
description:
@ -314,7 +314,7 @@ options:
- This is only used by the C(ownca) provider.
- Note that this is only supported if the C(cryptography) backend is used!
type: bool
default: yes
default: true
'''
BACKEND_SELFSIGNED_DOCUMENTATION = r'''

8
plugins/doc_fragments/module_csr.py
View File

@ -122,10 +122,10 @@ options:
aliases: [ subjectAltName_critical ]
use_common_name_for_san:
description:
- If set to C(yes), the module will fill the common name in for
- If set to C(true), the module will fill the common name in for
C(subject_alt_name) with C(DNS:) prefix if no SAN is specified.
type: bool
default: yes
default: true
aliases: [ useCommonNameForSAN ]
key_usage:
description:
@ -219,7 +219,7 @@ options:
certificates or for own CAs."
- Note that this is only supported if the C(cryptography) backend is used!
type: bool
default: no
default: false
subject_key_identifier:
description:
- The subject key identifier as a hex string, where two bytes are separated by colons.
@ -227,7 +227,7 @@ options:
- "Please note that commercial CAs ignore this value, respectively use a value of their
own choice. Specifying this option is mostly useful for self-signed certificates
or for own CAs."
- Note that this option can only be used if I(create_subject_key_identifier) is C(no).
- Note that this option can only be used if I(create_subject_key_identifier) is C(false).
- Note that this is only supported if the C(cryptography) backend is used!
type: str
authority_key_identifier:

2
plugins/doc_fragments/module_privatekey.py
View File

@ -129,7 +129,7 @@ options:
is protected by an unknown passphrase, or when they key is not protected by a passphrase,
but a passphrase is specified. Make sure you have a B(backup) when using this option!
- If set to C(always), the module will always regenerate the key. This is equivalent to
setting I(force) to C(yes).
setting I(force) to C(true).
- Note that if I(format_mismatch) is set to C(convert) and everything matches except the
format, the key will always be converted, except if I(regenerate) is set to C(always).
type: str

6
plugins/module_utils/crypto/module_backends/privatekey.py
View File

@ -175,7 +175,7 @@ class PrivateKeyBackend:
return True
self.module.fail_json(msg='Unable to read the key. The key is protected with a another passphrase / no passphrase or broken.'
' Will not proceed. To force regeneration, call the module with `generate`'
' set to `full_idempotence` or `always`, or with `force=yes`.')
' set to `full_idempotence` or `always`, or with `force=true`.')
self._ensure_existing_private_key_loaded()
if self.regenerate != 'never':
if not self._check_size_and_type():
@ -183,7 +183,7 @@ class PrivateKeyBackend:
return True
self.module.fail_json(msg='Key has wrong type and/or size.'
' Will not proceed. To force regeneration, call the module with `generate`'
' set to `partial_idempotence`, `full_idempotence` or `always`, or with `force=yes`.')
' set to `partial_idempotence`, `full_idempotence` or `always`, or with `force=true`.')
# During generation step, regenerate if format does not match and format_mismatch == 'regenerate'
if self.format_mismatch == 'regenerate' and self.regenerate != 'never':
if not self._check_format():
@ -191,7 +191,7 @@ class PrivateKeyBackend:
return True
self.module.fail_json(msg='Key has wrong format.'
' Will not proceed. To force regeneration, call the module with `generate`'
' set to `partial_idempotence`, `full_idempotence` or `always`, or with `force=yes`.'
' set to `partial_idempotence`, `full_idempotence` or `always`, or with `force=true`.'
' To convert the key, set `format_mismatch` to `convert`.')
return False

4
plugins/module_utils/openssh/backends/keypair_backend.py
View File

@ -152,7 +152,7 @@ class KeypairBackend(OpensshModule):
self.module.fail_json(
msg="Unable to read the key. The key is protected with a passphrase or broken. " +
"Will not proceed. To force regeneration, call the module with `generate` " +
"set to `full_idempotence` or `always`, or with `force=yes`."
"set to `full_idempotence` or `always`, or with `force=true`."
)
@abc.abstractmethod
@ -167,7 +167,7 @@ class KeypairBackend(OpensshModule):
self.module.fail_json(
msg="Key has wrong type and/or size. Will not proceed. " +
"To force regeneration, call the module with `generate` set to " +
"`partial_idempotence`, `full_idempotence` or `always`, or with `force=yes`."
"`partial_idempotence`, `full_idempotence` or `always`, or with `force=true`."
)
return self.original_private_key is None
elif self.regenerate in ('partial_idempotence', 'full_idempotence'):

8
plugins/modules/acme_account.py
View File

@ -57,7 +57,7 @@ options:
description:
- "Whether account creation is allowed (when state is C(present))."
type: bool
default: yes
default: true
contact:
description:
- "A list of contact URLs."
@ -74,7 +74,7 @@ options:
- "Boolean indicating whether you agree to the terms of service document."
- "ACME servers can require this to be true."
type: bool
default: no
default: false
new_account_key_src:
description:
- "Path to a file containing the ACME account RSA or Elliptic Curve key to change to."
@ -129,7 +129,7 @@ EXAMPLES = '''
community.crypto.acme_account:
account_key_src: /etc/pki/cert/private/account.key
state: present
terms_agreed: yes
terms_agreed: true
contact:
- mailto:me@example.com
- mailto:myself@example.org
@ -138,7 +138,7 @@ EXAMPLES = '''
community.crypto.acme_account:
account_key_src: /etc/pki/cert/private/account.key
state: present
allow_creation: no
allow_creation: false
contact:
- mailto:me@example.com

26
plugins/modules/acme_certificate.py
View File

@ -85,7 +85,7 @@ options:
description:
- "The email address associated with this account."
- "It will be used for certificate expiration warnings."
- "Note that when C(modify_account) is not set to C(no) and you also
- "Note that when C(modify_account) is not set to C(false) and you also
used the M(community.crypto.acme_account) module to specify more than one contact
for your account, this module will update your account and restrict
it to the (at most one) contact email address specified here."
@ -103,17 +103,17 @@ options:
- "ACME servers can require this to be true."
- This option will only be used when C(acme_version) is not 1.
type: bool
default: no
default: false
modify_account:
description:
- "Boolean indicating whether the module should create the account if
necessary, and update its contact data."
- "Set to C(no) if you want to use the M(community.crypto.acme_account) module to manage
- "Set to C(false) if you want to use the M(community.crypto.acme_account) module to manage
your account instead, and to avoid accidental creation of a new account
using an old key if you changed the account key with M(community.crypto.acme_account)."
- "If set to C(no), C(terms_agreed) and C(account_email) are ignored."
- "If set to C(false), C(terms_agreed) and C(account_email) are ignored."
type: bool
default: yes
default: true
challenge:
description: The challenge to be performed.
type: str
@ -200,7 +200,7 @@ options:
without having to re-authenticate the domain. This can be a security
concern."
type: bool
default: no
default: false
force:
description:
- Enforces the execution of the challenge and validation, even if an
@ -208,15 +208,15 @@ options:
- This is especially helpful when having an updated CSR, for example with
additional domains for which a new certificate is desired.
type: bool
default: no
default: false
retrieve_all_alternates:
description:
- "When set to C(yes), will retrieve all alternate trust chains offered by the ACME CA.
- "When set to C(true), will retrieve all alternate trust chains offered by the ACME CA.
These will not be written to disk, but will be returned together with the main
chain as C(all_chains). See the documentation for the C(all_chains) return
value for details."
type: bool
default: no
default: false
select_chain:
description:
- "Allows to specify criteria by which an (alternate) trust chain can be selected."
@ -351,7 +351,7 @@ EXAMPLES = r'''
# type: TXT
# ttl: 60
# state: present
# wait: yes
# wait: true
# # Note: route53 requires TXT entries to be enclosed in quotes
# value: "{{ sample_com_challenge.challenge_data['sample.com']['dns-01'].resource_value | regex_replace('^(.*)$', '\"\\1\"') }}"
# when: sample_com_challenge is changed and 'sample.com' in sample_com_challenge.challenge_data
@ -364,7 +364,7 @@ EXAMPLES = r'''
# type: TXT
# ttl: 60
# state: present
# wait: yes
# wait: true
# # Note: item.value is a list of TXT entries, and route53
# # requires every entry to be enclosed in quotes
# value: "{{ item.value | map('regex_replace', '^(.*)$', '\"\\1\"' ) | list }}"
@ -496,11 +496,11 @@ account_uri:
type: str
all_chains:
description:
- When I(retrieve_all_alternates) is set to C(yes), the module will query the ACME server
- When I(retrieve_all_alternates) is set to C(true), the module will query the ACME server
for alternate chains. This return value will contain a list of all chains returned,
the first entry being the main chain returned by the server.
- See L(Section 7.4.2 of RFC8555,https://tools.ietf.org/html/rfc8555#section-7.4.2) for details.
returned: when certificate was retrieved and I(retrieve_all_alternates) is set to C(yes)
returned: when certificate was retrieved and I(retrieve_all_alternates) is set to C(true)
type: list
elements: dict
contains:

2
plugins/modules/acme_certificate_revoke.py
View File

@ -45,7 +45,7 @@ options:
description:
- "Path to the certificate to revoke."
type: path
required: yes
required: true
account_key_src:
description:
- "Path to a file containing the ACME account RSA or Elliptic Curve

4
plugins/modules/acme_challenge_cert_helper.py
View File

@ -33,7 +33,7 @@ options:
description:
- "The challenge type."
type: str
required: yes
required: true
choices:
- tls-alpn-01
challenge_data:
@ -41,7 +41,7 @@ options:
- "The C(challenge_data) entry provided by M(community.crypto.acme_certificate) for the
challenge."
type: dict
required: yes
required: true
private_key_src:
description:
- "Path to a file containing the private key file to use for this challenge

2
plugins/modules/acme_inspect.py
View File

@ -76,7 +76,7 @@ options:
- "If I(method) is C(post) or C(get), make the module fail in case an ACME
error is returned."
type: bool
default: yes
default: true
'''
EXAMPLES = r'''

4
plugins/modules/certificate_complete_chain.py
View File

@ -32,7 +32,7 @@ options:
- A concatenated set of certificates in PEM format forming a chain.
- The module will try to complete this chain.
type: str
required: yes
required: true
root_certificates:
description:
- "A list of filenames or directories."
@ -45,7 +45,7 @@ options:
- "Symbolic links will be followed."
type: list
elements: path
required: yes
required: true
intermediate_certificates:
description:
- "A list of filenames or directories."

10
plugins/modules/luks_device.py
View File

@ -109,7 +109,7 @@ options:
community.crypto 1.4.0. For older versions, trying to remove
a key which no longer exists results in an error."
- "NOTE that to remove the last key from a LUKS container, the
I(force_remove_last_key) option must be set to C(yes)."
I(force_remove_last_key) option must be set to C(true)."
- "BEWARE that working with keyfiles in plaintext is dangerous.
Make sure that they are protected."
type: path
@ -122,16 +122,16 @@ options:
a passphrase which no longer exists results in an error."
- "NOTE that to remove the last keyslot from a LUKS
container, the I(force_remove_last_key) option must be set
to C(yes)."
to C(true)."
type: str
version_added: '1.0.0'
force_remove_last_key:
description:
- "If set to C(yes), allows removing the last key from a container."
- "If set to C(true), allows removing the last key from a container."
- "BEWARE that when the last key has been removed from a container,
the container can no longer be opened!"
type: bool
default: no
default: false
label:
description:
- "This option allow the user to create a LUKS2 format container
@ -665,7 +665,7 @@ class CryptHandler(Handler):
if keyslot_count < 2:
self._module.fail_json(msg="LUKS device %s has less than two active keyslots. "
"To be able to remove a key, please set "
"`force_remove_last_key` to `yes`." % device)
"`force_remove_last_key` to `true`." % device)
args = [self._cryptsetup_bin, 'luksRemoveKey', device, '-q']
if keyfile:

4
plugins/modules/openssh_keypair.py
View File

@ -107,7 +107,7 @@ options:
is protected by an unknown passphrase, or when they key is not protected by a passphrase,
but a passphrase is specified. Make sure you have a B(backup) when using this option!
- If set to C(always), the module will always regenerate the key. This is equivalent to
setting I(force) to C(yes).
setting I(force) to C(true).
- Note that adjusting the comment and the permissions can be changed without regeneration.
Therefore, even for C(never), the task can result in changed.
type: str
@ -121,7 +121,7 @@ options:
version_added: '1.0.0'
notes:
- In case the ssh key is broken or password protected, the module will fail.
Set the I(force) option to C(yes) if you want to regenerate the keypair.
Set the I(force) option to C(true) if you want to regenerate the keypair.
- Supports C(check_mode).
- In the case a custom C(mode), C(group), C(owner), or other file attribute is provided it will be applied to both key files.

16
plugins/modules/openssl_csr.py
View File

@ -32,7 +32,7 @@ options:
description:
- Should the certificate signing request be forced regenerated by this ansible module.
type: bool
default: no
default: false
path:
description:
- The name of the file into which the generated OpenSSL certificate signing request will be written.
@ -43,12 +43,12 @@ options:
- Create a backup file including a timestamp so you can get the original
CSR back if you overwrote it with a new one by accident.
type: bool
default: no
default: false
return_content:
description:
- If set to C(yes), will return the (current or generated) CSR's content as I(csr).
- If set to C(true), will return the (current or generated) CSR's content as I(csr).
type: bool
default: no
default: false
version_added: "1.0.0"
privatekey_content:
version_added: "1.0.0"
@ -114,7 +114,7 @@ EXAMPLES = r'''
community.crypto.openssl_csr:
path: /etc/ssl/csr/www.ansible.com.csr
privatekey_path: /etc/ssl/private/ansible.com.pem
force: yes
force: true
common_name: www.ansible.com
- name: Generate an OpenSSL Certificate Signing Request with special key usages
@ -133,7 +133,7 @@ EXAMPLES = r'''
path: /etc/ssl/csr/www.ansible.com.csr
privatekey_path: /etc/ssl/private/ansible.com.pem
common_name: www.ansible.com
ocsp_must_staple: yes
ocsp_must_staple: true
- name: Generate an OpenSSL Certificate Signing Request for WinRM Certificate authentication
community.crypto.openssl_csr:
@ -225,12 +225,12 @@ name_constraints_excluded:
version_added: 1.1.0
backup_file:
description: Name of backup file created.
returned: changed and if I(backup) is C(yes)
returned: changed and if I(backup) is C(true)
type: str
sample: /path/to/www.ansible.com.csr.2019-03-09@11:22~
csr:
description: The (current or generated) CSR's content.
returned: if I(state) is C(present) and I(return_content) is C(yes)
returned: if I(state) is C(present) and I(return_content) is C(true)
type: str
version_added: "1.0.0"
'''

4
plugins/modules/openssl_csr_info.py
View File

@ -74,7 +74,7 @@ RETURN = r'''
signature_valid:
description:
- Whether the CSR's signature is valid.
- In case the check returns C(no), the module will fail.
- In case the check returns C(false), the module will fail.
returned: success
type: bool
basic_constraints:
@ -140,7 +140,7 @@ subject_alt_name_critical:
returned: success
type: bool
ocsp_must_staple:
description: C(yes) if the OCSP Must Staple extension is present, C(none) otherwise.
description: C(true) if the OCSP Must Staple extension is present, C(none) otherwise.
returned: success
type: bool
ocsp_must_staple_critical:

14
plugins/modules/openssl_dhparam.py
View File

@ -44,7 +44,7 @@ options:
description:
- Should the parameters be regenerated even it it already exists.
type: bool
default: no
default: false
path:
description:
- Name of the file in which the generated parameters will be saved.
@ -55,7 +55,7 @@ options:
- Create a backup file including a timestamp so you can get the original
DH params back if you overwrote them with new ones by accident.
type: bool
default: no
default: false
select_crypto_backend:
description:
- Determines which crypto backend to use.
@ -68,9 +68,9 @@ options:
version_added: "1.0.0"
return_content:
description:
- If set to C(yes), will return the (current or generated) DH parameter's content as I(dhparams).
- If set to C(true), will return the (current or generated) DH parameter's content as I(dhparams).
type: bool
default: no
default: false
version_added: "1.0.0"
notes:
- Supports C(check_mode).
@ -97,7 +97,7 @@ EXAMPLES = r'''
- name: Force regenerate an DH parameters if they already exist
community.crypto.openssl_dhparam:
path: /etc/ssl/dhparams.pem
force: yes
force: true
'''
RETURN = r'''
@ -113,12 +113,12 @@ filename:
sample: /etc/ssl/dhparams.pem
backup_file:
description: Name of backup file created.
returned: changed and if I(backup) is C(yes)
returned: changed and if I(backup) is C(true)
type: str
sample: /path/to/dhparams.pem.2019-03-09@11:22~
dhparams:
description: The (current or generated) DH params' content.
returned: if I(state) is C(present) and I(return_content) is C(yes)
returned: if I(state) is C(present) and I(return_content) is C(true)
type: str
version_added: "1.0.0"
'''

14
plugins/modules/openssl_pkcs12.py
View File

@ -56,7 +56,7 @@ options:
description:
- Should the file be regenerated even if it already exists.
type: bool
default: no
default: false
friendly_name:
description:
- Specifies the friendly name for the certificate and private key.
@ -117,12 +117,12 @@ options:
- Create a backup file including a timestamp so you can get the original
output file back if you overwrote it with a new one by accident.
type: bool
default: no
default: false
return_content:
description:
- If set to C(yes), will return the (current or generated) PKCS#12's content as I(pkcs12).
- If set to C(true), will return the (current or generated) PKCS#12's content as I(pkcs12).
type: bool
default: no
default: false
version_added: "1.0.0"
select_crypto_backend:
description:
@ -203,7 +203,7 @@ EXAMPLES = r'''
other_certificates: /opt/certs/ca.pem
state: present
mode: '0600'
force: yes
force: true
- name: Dump/Parse PKCS#12 file
community.crypto.openssl_pkcs12:
@ -231,12 +231,12 @@ privatekey:
sample: /etc/ssl/private/ansible.com.pem
backup_file:
description: Name of backup file created.
returned: changed and if I(backup) is C(yes)
returned: changed and if I(backup) is C(true)
type: str
sample: /path/to/ansible.com.pem.2019-03-09@11:22~
pkcs12:
description: The (current or generated) PKCS#12's content Base64 encoded.
returned: if I(state) is C(present) and I(return_content) is C(yes)
returned: if I(state) is C(present) and I(return_content) is C(true)
type: str
version_added: "1.0.0"
'''

14
plugins/modules/openssl_privatekey.py
View File

@ -30,7 +30,7 @@ options:
description:
- Should the key be regenerated even if it already exists.
type: bool
default: no
default: false
path:
description:
- Name of the file in which the generated TLS/SSL private key will be written. It will have C(0600) mode
@ -46,16 +46,16 @@ options:
- Create a backup file including a timestamp so you can get
the original private key back if you overwrote it with a new one by accident.
type: bool
default: no
default: false
return_content:
description:
- If set to C(yes), will return the (current or generated) private key's content as I(privatekey).
- If set to C(true), will return the (current or generated) private key's content as I(privatekey).
- Note that especially if the private key is not encrypted, you have to make sure that the returned
value is treated appropriately and not accidentally written to logs etc.! Use with care!
- Use Ansible's I(no_log) task option to avoid the output being shown. See also
U(https://docs.ansible.com/ansible/latest/reference_appendices/faq.html#how-do-i-keep-secret-data-in-my-playbook).
type: bool
default: no
default: false
version_added: '1.0.0'
regenerate:
version_added: '1.0.0'
@ -86,7 +86,7 @@ EXAMPLES = r'''
- name: Force regenerate an OpenSSL private key if it already exists
community.crypto.openssl_privatekey:
path: /etc/ssl/private/ansible.com.pem
force: yes
force: true
- name: Generate an OpenSSL private key with a different algorithm (DSA)
community.crypto.openssl_privatekey:
@ -129,14 +129,14 @@ fingerprint:
sha512: "fd:ed:5e:39:48:5f:9f:fe:7f:25:06:3f:79:08:cd:ee:a5:e7:b3:3d:13:82:87:1f:84:e1:f5:c7:28:77:53:94:86:56:38:69:f0:d9:35:22:01:1e:a6:60:...:0f:9b"
backup_file:
description: Name of backup file created.
returned: changed and if I(backup) is C(yes)
returned: changed and if I(backup) is C(true)
type: str
sample: /path/to/privatekey.pem.2019-03-09@11:22~
privatekey:
description:
- The (current or generated) private key's content.
- Will be Base64-encoded if the key is in raw format.
returned: if I(state) is C(present) and I(return_content) is C(yes)
returned: if I(state) is C(present) and I(return_content) is C(true)
type: str
version_added: '1.0.0'
'''

2
plugins/modules/openssl_privatekey_convert.py
View File

@ -50,7 +50,7 @@ EXAMPLES = r'''
RETURN = r'''
backup_file:
description: Name of backup file created.
returned: changed and if I(backup) is C(yes)
returned: changed and if I(backup) is C(true)
type: str
sample: /path/to/privatekey.pem.2019-03-09@11:22~
'''

12
plugins/modules/openssl_privatekey_info.py
View File

@ -44,11 +44,11 @@ options:
return_private_key_data:
description:
- Whether to return private key data.
- Only set this to C(yes) when you want private information about this key to
- Only set this to C(true) when you want private information about this key to
leave the remote machine.
- "B(WARNING:) you have to make sure that private key data is not accidentally logged!"
type: bool
default: no
default: false
check_consistency:
description:
- Whether to check consistency of the private key.
@ -104,9 +104,9 @@ can_parse_key:
type: bool
key_is_consistent:
description:
- Whether the key is consistent. Can also return C(none) next to C(yes) and
C(no), to indicate that consistency could not be checked.
- In case the check returns C(no), the module will fail.
- Whether the key is consistent. Can also return C(none) next to C(true) and
C(false), to indicate that consistency could not be checked.
- In case the check returns C(false), the module will fail.
returned: when I(check_consistency=true)
type: bool
public_key:
@ -194,7 +194,7 @@ public_data:
private_data:
description:
- Private key data. Depends on key type.
returned: success and when I(return_private_key_data) is set to C(yes)
returned: success and when I(return_private_key_data) is set to C(true)
type: dict
'''

14
plugins/modules/openssl_publickey.py
View File

@ -34,7 +34,7 @@ options:
description:
- Should the key be regenerated even it it already exists.
type: bool
default: no
default: false
format:
description:
- The format of the public key.
@ -68,7 +68,7 @@ options:
- Create a backup file including a timestamp so you can get the original
public key back if you overwrote it with a different one by accident.
type: bool
default: no
default: false
select_crypto_backend:
description:
- Determines which crypto backend to use.
@ -79,9 +79,9 @@ options:
choices: [ auto, cryptography ]
return_content:
description:
- If set to C(yes), will return the (current or generated) public key's content as I(publickey).
- If set to C(true), will return the (current or generated) public key's content as I(publickey).
type: bool
default: no
default: false
version_added: '1.0.0'
extends_documentation_fragment:
- files
@ -123,7 +123,7 @@ EXAMPLES = r'''
community.crypto.openssl_publickey:
path: /etc/ssl/public/ansible.com.pem
privatekey_path: /etc/ssl/private/ansible.com.pem
force: yes
force: true
- name: Remove an OpenSSL public key
community.crypto.openssl_publickey:
@ -163,12 +163,12 @@ fingerprint:
sha512: "fd:ed:5e:39:48:5f:9f:fe:7f:25:06:3f:79:08:cd:ee:a5:e7:b3:3d:13:82:87:1f:84:e1:f5:c7:28:77:53:94:86:56:38:69:f0:d9:35:22:01:1e:a6:60:...:0f:9b"
backup_file:
description: Name of backup file created.
returned: changed and if I(backup) is C(yes)
returned: changed and if I(backup) is C(true)
type: str
sample: /path/to/publickey.pem.2019-03-09@11:22~
publickey:
description: The (current or generated) public key's content.
returned: if I(state) is C(present) and I(return_content) is C(yes)
returned: if I(state) is C(present) and I(return_content) is C(true)
type: str
version_added: '1.0.0'
'''

12
plugins/modules/x509_certificate.py
View File

@ -59,9 +59,9 @@ options:
return_content:
description:
- If set to C(yes), will return the (current or generated) certificate's content as I(certificate).
- If set to C(true), will return the (current or generated) certificate's content as I(certificate).
type: bool
default: no
default: false
version_added: '1.0.0'
backup:
@ -69,7 +69,7 @@ options:
- Create a backup file including a timestamp so you can get the original
certificate back if you overwrote it with a new one by accident.
type: bool
default: no
default: false
csr_content:
version_added: '1.0.0'
@ -128,7 +128,7 @@ EXAMPLES = r'''
provider: acme
acme_accountkey_path: /etc/ssl/private/ansible.com.pem
acme_challenge_path: /etc/ssl/challenges/ansible.com/
force: yes
force: true
- name: Generate an Entrust certificate via the Entrust Certificate Services (ECS) API
community.crypto.x509_certificate:
@ -216,12 +216,12 @@ filename:
sample: /etc/ssl/crt/www.ansible.com.crt
backup_file:
description: Name of backup file created.
returned: changed and if I(backup) is C(yes)
returned: changed and if I(backup) is C(true)
type: str
sample: /path/to/www.ansible.com.crt.2019-03-09@11:22~
certificate:
description: The (current or generated) certificate's content.
returned: if I(state) is C(present) and I(return_content) is C(yes)
returned: if I(state) is C(present) and I(return_content) is C(true)
type: str
version_added: '1.0.0'
'''

2
plugins/modules/x509_certificate_info.py
View File

@ -184,7 +184,7 @@ subject_alt_name_critical:
returned: success
type: bool
ocsp_must_staple:
description: C(yes) if the OCSP Must Staple extension is present, C(none) otherwise.
description: C(true) if the OCSP Must Staple extension is present, C(none) otherwise.
returned: success
type: bool
ocsp_must_staple_critical:

38
plugins/modules/x509_crl.py
View File

@ -38,7 +38,7 @@ options:
- If set to C(update), makes sure that the CRL contains the revoked certificates from
I(revoked_certificates), but can also contain other revoked certificates. If the CRL file
already exists, all entries from the existing CRL will also be included in the new CRL.
When using C(update), you might be interested in setting I(ignore_timestamps) to C(yes).
When using C(update), you might be interested in setting I(ignore_timestamps) to C(true).
type: str
default: generate
choices: [ generate, update ]
@ -47,20 +47,20 @@ options:
description:
- Should the CRL be forced to be regenerated.
type: bool
default: no
default: false
backup:
description:
- Create a backup file including a timestamp so you can get the original
CRL back if you overwrote it with a new one by accident.
type: bool
default: no
default: false
path:
description:
- Remote absolute path where the generated CRL file should be created or is already located.
type: path
required: yes
required: true
format:
description:
@ -117,7 +117,7 @@ options:
- Valid format is C([+-]timespec | ASN.1 TIME) where timespec can be an integer
+ C([w | d | h | m | s]) (for example C(+32w1d2h)).
- Note that if using relative time this module is NOT idempotent, except when
I(ignore_timestamps) is set to C(yes).
I(ignore_timestamps) is set to C(true).
type: str
default: "+0s"
@ -130,7 +130,7 @@ options:
- Valid format is C([+-]timespec | ASN.1 TIME) where timespec can be an integer
+ C([w | d | h | m | s]) (for example C(+32w1d2h)).
- Note that if using relative time this module is NOT idempotent, except when
I(ignore_timestamps) is set to C(yes).
I(ignore_timestamps) is set to C(true).
- Required if I(state) is C(present).
type: str
@ -175,7 +175,7 @@ options:
- Valid format is C([+-]timespec | ASN.1 TIME) where timespec can be an integer
+ C([w | d | h | m | s]) (for example C(+32w1d2h)).
- Note that if using relative time this module is NOT idempotent, except when
I(ignore_timestamps) is set to C(yes).
I(ignore_timestamps) is set to C(true).
type: str
default: "+0s"
issuer:
@ -188,7 +188,7 @@ options:
description:
- Whether the certificate issuer extension should be critical.
type: bool
default: no
default: false
reason:
description:
- The value for the revocation reason extension.
@ -208,7 +208,7 @@ options:
description:
- Whether the revocation reason extension should be critical.
type: bool
default: no
default: false
invalidity_date:
description:
- The point in time it was known/suspected that the private key was compromised
@ -218,13 +218,13 @@ options:
- Valid format is C([+-]timespec | ASN.1 TIME) where timespec can be an integer
+ C([w | d | h | m | s]) (for example C(+32w1d2h)).
- Note that if using relative time this module is NOT idempotent. This will NOT
change when I(ignore_timestamps) is set to C(yes).
change when I(ignore_timestamps) is set to C(true).
type: str
invalidity_date_critical:
description:
- Whether the invalidity date extension should be critical.
type: bool
default: no
default: false
ignore_timestamps:
description:
@ -233,13 +233,13 @@ options:
I(invalidity_date) in I(revoked_certificates) will never be ignored.
- Use this in combination with relative timestamps for these values to get idempotency.
type: bool
default: no
default: false
return_content:
description:
- If set to C(yes), will return the (current or generated) CRL's content as I(crl).
- If set to C(true), will return the (current or generated) CRL's content as I(crl).
type: bool
default: no
default: false
extends_documentation_fragment:
- files
@ -281,7 +281,7 @@ filename:
sample: /path/to/my-ca.crl
backup_file:
description: Name of backup file created.
returned: changed and if I(backup) is C(yes)
returned: changed and if I(backup) is C(true)
type: str
sample: /path/to/my-ca.crl.2019-03-09@11:22~
privatekey:
@ -348,7 +348,7 @@ revoked_certificates:
issuer_critical:
description: Whether the certificate issuer extension is critical.
type: bool
sample: no
sample: false
reason:
description:
- The value for the revocation reason extension.
@ -360,7 +360,7 @@ revoked_certificates:
reason_critical:
description: Whether the revocation reason extension is critical.
type: bool
sample: no
sample: false
invalidity_date:
description: |
The point in time it was known/suspected that the private key was compromised
@ -370,13 +370,13 @@ revoked_certificates:
invalidity_date_critical:
description: Whether the invalidity date extension is critical.
type: bool
sample: no
sample: false
crl:
description:
- The (current or generated) CRL's content.
- Will be the CRL itself if I(format) is C(pem), and Base64 of the
CRL if I(format) is C(der).
returned: if I(state) is C(present) and I(return_content) is C(yes)
returned: if I(state) is C(present) and I(return_content) is C(true)
type: str
'''

6
plugins/modules/x509_crl_info.py
View File

@ -129,7 +129,7 @@ revoked_certificates:
issuer_critical:
description: Whether the certificate issuer extension is critical.
type: bool
sample: no
sample: false
reason:
description:
- The value for the revocation reason extension.
@ -141,7 +141,7 @@ revoked_certificates:
reason_critical:
description: Whether the revocation reason extension is critical.
type: bool
sample: no
sample: false
invalidity_date:
description: |
The point in time it was known/suspected that the private key was compromised
@ -151,7 +151,7 @@ revoked_certificates:
invalidity_date_critical:
description: Whether the invalidity date extension is critical.
type: bool
sample: no
sample: false
'''