From 37af200ecbfb3a6df9316eb0efc29a49b0804eb2 Mon Sep 17 00:00:00 2001
From: Felix Fontein
Date: Sun, 29 Dec 2024 15:47:51 +0100
Subject: [PATCH] Fix doc fragments indents.
---
plugins/doc_fragments/attributes.py | 48 +-
plugins/doc_fragments/module_certificate.py | 536 ++++++++++----------
2 files changed, 292 insertions(+), 292 deletions(-)
diff --git a/plugins/doc_fragments/attributes.py b/plugins/doc_fragments/attributes.py
index 81535712..56f42542 100644
--- a/plugins/doc_fragments/attributes.py
+++ b/plugins/doc_fragments/attributes.py
@@ -24,25 +24,25 @@ attributes: INFO_MODULE = r''' options: {} attributes: - check_mode: - support: full - details: - - This action does not modify state. - diff_mode: - support: N/A - details: - - This action does not modify state. + check_mode: + support: full + details: + - This action does not modify state. + diff_mode: + support: N/A + details: + - This action does not modify state. ''' ACTIONGROUP_ACME = r''' options: {} attributes: - action_group: - description: Use C(group/acme) or C(group/community.crypto.acme) in C(module_defaults) to set defaults for this module. - support: full - membership: - - community.crypto.acme - - acme + action_group: + description: Use C(group/acme) or C(group/community.crypto.acme) in C(module_defaults) to set defaults for this module. + support: full + membership: + - community.crypto.acme + - acme ''' FACTS = r"""
@@ -56,16 +56,16 @@ attributes: FACTS_MODULE = r''' options: {} attributes: - check_mode: - support: full - details: - - This action does not modify state. - diff_mode: - support: N/A - details: - - This action does not modify state. - facts: - support: full + check_mode: + support: full + details: + - This action does not modify state. + diff_mode: + support: N/A + details: + - This action does not modify state. + facts: + support: full ''' FILES = r"""
diff --git a/plugins/doc_fragments/module_certificate.py b/plugins/doc_fragments/module_certificate.py
index 6dcb136b..2bde9a75 100644
--- a/plugins/doc_fragments/module_certificate.py
+++ b/plugins/doc_fragments/module_certificate.py
@@ -88,316 +88,316 @@ seealso: BACKEND_ACME_DOCUMENTATION = r''' description: - - This module allows one to (re)generate OpenSSL certificates. + - This module allows one to (re)generate OpenSSL certificates. requirements: - - acme-tiny >= 4.0.0 (if using the V(acme) provider) + - acme-tiny >= 4.0.0 (if using the V(acme) provider) options: - acme_accountkey_path: - description: - - The path to the accountkey for the V(acme) provider. - - This is only used by the V(acme) provider. - type: path + acme_accountkey_path: + description: + - The path to the accountkey for the V(acme) provider. + - This is only used by the V(acme) provider. + type: path - acme_challenge_path: - description: - - The path to the ACME challenge directory that is served on U(http://:80/.well-known/acme-challenge/) - - This is only used by the V(acme) provider. - type: path + acme_challenge_path: + description: + - The path to the ACME challenge directory that is served on U(http://:80/.well-known/acme-challenge/) + - This is only used by the V(acme) provider. + type: path - acme_chain: - description: - - Include the intermediate certificate to the generated certificate - - This is only used by the V(acme) provider. - - Note that this is only available for older versions of C(acme-tiny). - New versions include the chain automatically, and setting O(acme_chain) to V(true) results in an error. - type: bool - default: false + acme_chain: + description: + - Include the intermediate certificate to the generated certificate + - This is only used by the V(acme) provider. + - Note that this is only available for older versions of C(acme-tiny). + New versions include the chain automatically, and setting O(acme_chain) to V(true) results in an error. + type: bool + default: false - acme_directory: - description: - - "The ACME directory to use. You can use any directory that supports the ACME protocol, such as Buypass or Let's Encrypt." 
- - "Let's Encrypt recommends using their staging server while developing jobs. U(https://letsencrypt.org/docs/staging-environment/)." - type: str - default: https://acme-v02.api.letsencrypt.org/directory + acme_directory: + description: + - "The ACME directory to use. You can use any directory that supports the ACME protocol, such as Buypass or Let's Encrypt." + - "Let's Encrypt recommends using their staging server while developing jobs. U(https://letsencrypt.org/docs/staging-environment/)." + type: str + default: https://acme-v02.api.letsencrypt.org/directory ''' BACKEND_ENTRUST_DOCUMENTATION = r''' options: - entrust_cert_type: - description: - - Specify the type of certificate requested. - - This is only used by the V(entrust) provider. - type: str - default: STANDARD_SSL - choices: [ 'STANDARD_SSL', 'ADVANTAGE_SSL', 'UC_SSL', 'EV_SSL', 'WILDCARD_SSL', 'PRIVATE_SSL', 'PD_SSL', 'CDS_ENT_LITE', 'CDS_ENT_PRO', 'SMIME_ENT' ] + entrust_cert_type: + description: + - Specify the type of certificate requested. + - This is only used by the V(entrust) provider. + type: str + default: STANDARD_SSL + choices: [STANDARD_SSL, ADVANTAGE_SSL, UC_SSL, EV_SSL, WILDCARD_SSL, PRIVATE_SSL, PD_SSL, CDS_ENT_LITE, CDS_ENT_PRO, SMIME_ENT] - entrust_requester_email: - description: - - The email of the requester of the certificate (for tracking purposes). - - This is only used by the V(entrust) provider. - - This is required if the provider is V(entrust). - type: str + entrust_requester_email: + description: + - The email of the requester of the certificate (for tracking purposes). + - This is only used by the V(entrust) provider. + - This is required if the provider is V(entrust). + type: str - entrust_requester_name: - description: - - The name of the requester of the certificate (for tracking purposes). - - This is only used by the V(entrust) provider. - - This is required if the provider is V(entrust). 
- type: str + entrust_requester_name: + description: + - The name of the requester of the certificate (for tracking purposes). + - This is only used by the V(entrust) provider. + - This is required if the provider is V(entrust). + type: str - entrust_requester_phone: - description: - - The phone number of the requester of the certificate (for tracking purposes). - - This is only used by the V(entrust) provider. - - This is required if the provider is V(entrust). - type: str + entrust_requester_phone: + description: + - The phone number of the requester of the certificate (for tracking purposes). + - This is only used by the V(entrust) provider. + - This is required if the provider is V(entrust). + type: str - entrust_api_user: - description: - - The username for authentication to the Entrust Certificate Services (ECS) API. - - This is only used by the V(entrust) provider. - - This is required if the provider is V(entrust). - type: str + entrust_api_user: + description: + - The username for authentication to the Entrust Certificate Services (ECS) API. + - This is only used by the V(entrust) provider. + - This is required if the provider is V(entrust). + type: str - entrust_api_key: - description: - - The key (password) for authentication to the Entrust Certificate Services (ECS) API. - - This is only used by the V(entrust) provider. - - This is required if the provider is V(entrust). - type: str + entrust_api_key: + description: + - The key (password) for authentication to the Entrust Certificate Services (ECS) API. + - This is only used by the V(entrust) provider. + - This is required if the provider is V(entrust). + type: str - entrust_api_client_cert_path: - description: - - The path to the client certificate used to authenticate to the Entrust Certificate Services (ECS) API. - - This is only used by the V(entrust) provider. - - This is required if the provider is V(entrust). 
- type: path + entrust_api_client_cert_path: + description: + - The path to the client certificate used to authenticate to the Entrust Certificate Services (ECS) API. + - This is only used by the V(entrust) provider. + - This is required if the provider is V(entrust). + type: path - entrust_api_client_cert_key_path: - description: - - The path to the private key of the client certificate used to authenticate to the Entrust Certificate Services (ECS) API. - - This is only used by the V(entrust) provider. - - This is required if the provider is V(entrust). - type: path + entrust_api_client_cert_key_path: + description: + - The path to the private key of the client certificate used to authenticate to the Entrust Certificate Services (ECS) API. + - This is only used by the V(entrust) provider. + - This is required if the provider is V(entrust). + type: path - entrust_not_after: - description: - - The point in time at which the certificate stops being valid. - - Time can be specified either as relative time or as an absolute timestamp. - - A valid absolute time format is C(ASN.1 TIME) such as V(2019-06-18). - - A valid relative time format is V([+-]timespec) where timespec can be an integer + C([w | d | h | m | s]), such as V(+365d) or V(+32w1d2h)). - - Time will always be interpreted as UTC. - - Note that only the date (day, month, year) is supported for specifying the expiry date of the issued certificate. - - The full date-time is adjusted to EST (GMT -5:00) before issuance, which may result in a certificate with an expiration date one day - earlier than expected if a relative time is used. - - The minimum certificate lifetime is 90 days, and maximum is three years. - - If this value is not specified, the certificate will stop being valid 365 days the date of issue. - - This is only used by the V(entrust) provider. - - Please note that this value is B(not) covered by the O(ignore_timestamps) option. 
- type: str - default: +365d + entrust_not_after: + description: + - The point in time at which the certificate stops being valid. + - Time can be specified either as relative time or as an absolute timestamp. + - A valid absolute time format is C(ASN.1 TIME) such as V(2019-06-18). + - A valid relative time format is V([+-]timespec) where timespec can be an integer + C([w | d | h | m | s]), such as V(+365d) or V(+32w1d2h)). + - Time will always be interpreted as UTC. + - Note that only the date (day, month, year) is supported for specifying the expiry date of the issued certificate. + - The full date-time is adjusted to EST (GMT -5:00) before issuance, which may result in a certificate with an expiration date one day + earlier than expected if a relative time is used. + - The minimum certificate lifetime is 90 days, and maximum is three years. + - If this value is not specified, the certificate will stop being valid 365 days the date of issue. + - This is only used by the V(entrust) provider. + - Please note that this value is B(not) covered by the O(ignore_timestamps) option. + type: str + default: +365d - entrust_api_specification_path: - description: - - The path to the specification file defining the Entrust Certificate Services (ECS) API configuration. - - You can use this to keep a local copy of the specification to avoid downloading it every time the module is used. - - This is only used by the V(entrust) provider. - type: path - default: https://cloud.entrust.net/EntrustCloud/documentation/cms-api-2.1.0.yaml + entrust_api_specification_path: + description: + - The path to the specification file defining the Entrust Certificate Services (ECS) API configuration. + - You can use this to keep a local copy of the specification to avoid downloading it every time the module is used. + - This is only used by the V(entrust) provider. 
+ type: path + default: https://cloud.entrust.net/EntrustCloud/documentation/cms-api-2.1.0.yaml ''' BACKEND_OWNCA_DOCUMENTATION = r''' description: - - The V(ownca) provider is intended for generating an OpenSSL certificate signed with your own - CA (Certificate Authority) certificate (self-signed certificate). + - The V(ownca) provider is intended for generating an OpenSSL certificate signed with your own + CA (Certificate Authority) certificate (self-signed certificate). options: - ownca_path: - description: - - Remote absolute path of the CA (Certificate Authority) certificate. - - This is only used by the V(ownca) provider. - - This is mutually exclusive with O(ownca_content). - type: path - ownca_content: - description: - - Content of the CA (Certificate Authority) certificate. - - This is only used by the V(ownca) provider. - - This is mutually exclusive with O(ownca_path). - type: str + ownca_path: + description: + - Remote absolute path of the CA (Certificate Authority) certificate. + - This is only used by the V(ownca) provider. + - This is mutually exclusive with O(ownca_content). + type: path + ownca_content: + description: + - Content of the CA (Certificate Authority) certificate. + - This is only used by the V(ownca) provider. + - This is mutually exclusive with O(ownca_path). + type: str - ownca_privatekey_path: - description: - - Path to the CA (Certificate Authority) private key to use when signing the certificate. - - This is only used by the V(ownca) provider. - - This is mutually exclusive with O(ownca_privatekey_content). - type: path - ownca_privatekey_content: - description: - - Content of the CA (Certificate Authority) private key to use when signing the certificate. - - This is only used by the V(ownca) provider. - - This is mutually exclusive with O(ownca_privatekey_path). - type: str + ownca_privatekey_path: + description: + - Path to the CA (Certificate Authority) private key to use when signing the certificate. 
+ - This is only used by the V(ownca) provider. + - This is mutually exclusive with O(ownca_privatekey_content). + type: path + ownca_privatekey_content: + description: + - Content of the CA (Certificate Authority) private key to use when signing the certificate. + - This is only used by the V(ownca) provider. + - This is mutually exclusive with O(ownca_privatekey_path). + type: str - ownca_privatekey_passphrase: - description: - - The passphrase for the O(ownca_privatekey_path) resp. O(ownca_privatekey_content). - - This is only used by the V(ownca) provider. - type: str + ownca_privatekey_passphrase: + description: + - The passphrase for the O(ownca_privatekey_path) resp. O(ownca_privatekey_content). + - This is only used by the V(ownca) provider. + type: str - ownca_digest: - description: - - The digest algorithm to be used for the V(ownca) certificate. - - This is only used by the V(ownca) provider. - type: str - default: sha256 + ownca_digest: + description: + - The digest algorithm to be used for the V(ownca) certificate. + - This is only used by the V(ownca) provider. + type: str + default: sha256 - ownca_version: - description: - - The version of the V(ownca) certificate. - - Nowadays it should almost always be V(3). - - This is only used by the V(ownca) provider. - type: int - default: 3 + ownca_version: + description: + - The version of the V(ownca) certificate. + - Nowadays it should almost always be V(3). + - This is only used by the V(ownca) provider. + type: int + default: 3 - ownca_not_before: - description: - - The point in time the certificate is valid from. - - Time can be specified either as relative time or as absolute timestamp. - - Time will always be interpreted as UTC. - - Valid format is C([+-]timespec | ASN.1 TIME) where timespec can be an integer - + C([w | d | h | m | s]) (for example V(+32w1d2h)). - - If this value is not specified, the certificate will start being valid from now. 
- - Note that this value is B(not used to determine whether an existing certificate should be regenerated). - This can be changed by setting the O(ignore_timestamps) option to V(false). Please note that you should - avoid relative timestamps when setting O(ignore_timestamps=false). - - This is only used by the V(ownca) provider. - type: str - default: +0s + ownca_not_before: + description: + - The point in time the certificate is valid from. + - Time can be specified either as relative time or as absolute timestamp. + - Time will always be interpreted as UTC. + - Valid format is C([+-]timespec | ASN.1 TIME) where timespec can be an integer + + C([w | d | h | m | s]) (for example V(+32w1d2h)). + - If this value is not specified, the certificate will start being valid from now. + - Note that this value is B(not used to determine whether an existing certificate should be regenerated). + This can be changed by setting the O(ignore_timestamps) option to V(false). Please note that you should + avoid relative timestamps when setting O(ignore_timestamps=false). + - This is only used by the V(ownca) provider. + type: str + default: +0s - ownca_not_after: - description: - - The point in time at which the certificate stops being valid. - - Time can be specified either as relative time or as absolute timestamp. - - Time will always be interpreted as UTC. - - Valid format is C([+-]timespec | ASN.1 TIME) where timespec can be an integer - + C([w | d | h | m | s]) (for example V(+32w1d2h)). - - If this value is not specified, the certificate will stop being valid 10 years from now. - - Note that this value is B(not used to determine whether an existing certificate should be regenerated). - This can be changed by setting the O(ignore_timestamps) option to V(false). Please note that you should - avoid relative timestamps when setting O(ignore_timestamps=false). - - This is only used by the V(ownca) provider. 
- - On macOS 10.15 and onwards, TLS server certificates must have a validity period of 825 days or fewer. - Please see U(https://support.apple.com/en-us/HT210176) for more details. - type: str - default: +3650d + ownca_not_after: + description: + - The point in time at which the certificate stops being valid. + - Time can be specified either as relative time or as absolute timestamp. + - Time will always be interpreted as UTC. + - Valid format is C([+-]timespec | ASN.1 TIME) where timespec can be an integer + + C([w | d | h | m | s]) (for example V(+32w1d2h)). + - If this value is not specified, the certificate will stop being valid 10 years from now. + - Note that this value is B(not used to determine whether an existing certificate should be regenerated). + This can be changed by setting the O(ignore_timestamps) option to V(false). Please note that you should + avoid relative timestamps when setting O(ignore_timestamps=false). + - This is only used by the V(ownca) provider. + - On macOS 10.15 and onwards, TLS server certificates must have a validity period of 825 days or fewer. + Please see U(https://support.apple.com/en-us/HT210176) for more details. + type: str + default: +3650d - ownca_create_subject_key_identifier: - description: - - Whether to create the Subject Key Identifier (SKI) from the public key. - - A value of V(create_if_not_provided) (default) only creates a SKI when the CSR does not - provide one. - - A value of V(always_create) always creates a SKI. If the CSR provides one, that one is - ignored. - - A value of V(never_create) never creates a SKI. If the CSR provides one, that one is used. - - This is only used by the V(ownca) provider. - - Note that this is only supported if the C(cryptography) backend is used! 
- type: str - choices: [create_if_not_provided, always_create, never_create] - default: create_if_not_provided + ownca_create_subject_key_identifier: + description: + - Whether to create the Subject Key Identifier (SKI) from the public key. + - A value of V(create_if_not_provided) (default) only creates a SKI when the CSR does not + provide one. + - A value of V(always_create) always creates a SKI. If the CSR provides one, that one is + ignored. + - A value of V(never_create) never creates a SKI. If the CSR provides one, that one is used. + - This is only used by the V(ownca) provider. + - Note that this is only supported if the C(cryptography) backend is used! + type: str + choices: [create_if_not_provided, always_create, never_create] + default: create_if_not_provided - ownca_create_authority_key_identifier: - description: - - Create a Authority Key Identifier from the CA's certificate. If the CSR provided - a authority key identifier, it is ignored. - - The Authority Key Identifier is generated from the CA certificate's Subject Key Identifier, - if available. If it is not available, the CA certificate's public key will be used. - - This is only used by the V(ownca) provider. - - Note that this is only supported if the C(cryptography) backend is used! - type: bool - default: true + ownca_create_authority_key_identifier: + description: + - Create a Authority Key Identifier from the CA's certificate. If the CSR provided + a authority key identifier, it is ignored. + - The Authority Key Identifier is generated from the CA certificate's Subject Key Identifier, + if available. If it is not available, the CA certificate's public key will be used. + - This is only used by the V(ownca) provider. + - Note that this is only supported if the C(cryptography) backend is used! + type: bool + default: true ''' BACKEND_SELFSIGNED_DOCUMENTATION = r''' notes: - - For the V(selfsigned) provider, O(csr_path) and O(csr_content) are optional. 
If not provided, a - certificate without any information (Subject, Subject Alternative Names, Key Usage, etc.) is created. + - For the V(selfsigned) provider, O(csr_path) and O(csr_content) are optional. If not provided, a + certificate without any information (Subject, Subject Alternative Names, Key Usage, etc.) is created. options: - # NOTE: descriptions in options are overwritten, not appended. For that reason, the texts provided - # here for csr_path and csr_content are not visible to the user. That's why this information is - # added to the notes (see above). + # NOTE: descriptions in options are overwritten, not appended. For that reason, the texts provided + # here for csr_path and csr_content are not visible to the user. That's why this information is + # added to the notes (see above). - # csr_path: - # description: - # - This is optional for the V(selfsigned) provider. If not provided, a certificate - # without any information (Subject, Subject Alternative Names, Key Usage, etc.) is - # created. + # csr_path: + # description: + # - This is optional for the V(selfsigned) provider. If not provided, a certificate + # without any information (Subject, Subject Alternative Names, Key Usage, etc.) is + # created. - # csr_content: - # description: - # - This is optional for the V(selfsigned) provider. If not provided, a certificate - # without any information (Subject, Subject Alternative Names, Key Usage, etc.) is - # created. + # csr_content: + # description: + # - This is optional for the V(selfsigned) provider. If not provided, a certificate + # without any information (Subject, Subject Alternative Names, Key Usage, etc.) is + # created. - selfsigned_version: - description: - - Version of the V(selfsigned) certificate. - - Nowadays it should almost always be V(3). - - This is only used by the V(selfsigned) provider. - type: int - default: 3 + selfsigned_version: + description: + - Version of the V(selfsigned) certificate. 
+ - Nowadays it should almost always be V(3). + - This is only used by the V(selfsigned) provider. + type: int + default: 3 - selfsigned_digest: - description: - - Digest algorithm to be used when self-signing the certificate. - - This is only used by the V(selfsigned) provider. - type: str - default: sha256 + selfsigned_digest: + description: + - Digest algorithm to be used when self-signing the certificate. + - This is only used by the V(selfsigned) provider. + type: str + default: sha256 - selfsigned_not_before: - description: - - The point in time the certificate is valid from. - - Time can be specified either as relative time or as absolute timestamp. - - Time will always be interpreted as UTC. - - Valid format is C([+-]timespec | ASN.1 TIME) where timespec can be an integer - + C([w | d | h | m | s]) (for example V(+32w1d2h)). - - If this value is not specified, the certificate will start being valid from now. - - Note that this value is B(not used to determine whether an existing certificate should be regenerated). - This can be changed by setting the O(ignore_timestamps) option to V(false). Please note that you should - avoid relative timestamps when setting O(ignore_timestamps=false). - - This is only used by the V(selfsigned) provider. - type: str - default: +0s - aliases: [ selfsigned_notBefore ] + selfsigned_not_before: + description: + - The point in time the certificate is valid from. + - Time can be specified either as relative time or as absolute timestamp. + - Time will always be interpreted as UTC. + - Valid format is C([+-]timespec | ASN.1 TIME) where timespec can be an integer + + C([w | d | h | m | s]) (for example V(+32w1d2h)). + - If this value is not specified, the certificate will start being valid from now. + - Note that this value is B(not used to determine whether an existing certificate should be regenerated). + This can be changed by setting the O(ignore_timestamps) option to V(false). 
Please note that you should + avoid relative timestamps when setting O(ignore_timestamps=false). + - This is only used by the V(selfsigned) provider. + type: str + default: +0s + aliases: [ selfsigned_notBefore ] - selfsigned_not_after: - description: - - The point in time at which the certificate stops being valid. - - Time can be specified either as relative time or as absolute timestamp. - - Time will always be interpreted as UTC. - - Valid format is C([+-]timespec | ASN.1 TIME) where timespec can be an integer - + C([w | d | h | m | s]) (for example V(+32w1d2h)). - - If this value is not specified, the certificate will stop being valid 10 years from now. - - Note that this value is B(not used to determine whether an existing certificate should be regenerated). - This can be changed by setting the O(ignore_timestamps) option to V(false). Please note that you should - avoid relative timestamps when setting O(ignore_timestamps=false). - - This is only used by the V(selfsigned) provider. - - On macOS 10.15 and onwards, TLS server certificates must have a validity period of 825 days or fewer. - Please see U(https://support.apple.com/en-us/HT210176) for more details. - type: str - default: +3650d - aliases: [ selfsigned_notAfter ] + selfsigned_not_after: + description: + - The point in time at which the certificate stops being valid. + - Time can be specified either as relative time or as absolute timestamp. + - Time will always be interpreted as UTC. + - Valid format is C([+-]timespec | ASN.1 TIME) where timespec can be an integer + + C([w | d | h | m | s]) (for example V(+32w1d2h)). + - If this value is not specified, the certificate will stop being valid 10 years from now. + - Note that this value is B(not used to determine whether an existing certificate should be regenerated). + This can be changed by setting the O(ignore_timestamps) option to V(false). Please note that you should + avoid relative timestamps when setting O(ignore_timestamps=false). 
+ - This is only used by the V(selfsigned) provider. + - On macOS 10.15 and onwards, TLS server certificates must have a validity period of 825 days or fewer. + Please see U(https://support.apple.com/en-us/HT210176) for more details. + type: str + default: +3650d + aliases: [ selfsigned_notAfter ] - selfsigned_create_subject_key_identifier: - description: - - Whether to create the Subject Key Identifier (SKI) from the public key. - - A value of V(create_if_not_provided) (default) only creates a SKI when the CSR does not - provide one. - - A value of V(always_create) always creates a SKI. If the CSR provides one, that one is - ignored. - - A value of V(never_create) never creates a SKI. If the CSR provides one, that one is used. - - This is only used by the V(selfsigned) provider. - - Note that this is only supported if the C(cryptography) backend is used! - type: str - choices: [create_if_not_provided, always_create, never_create] - default: create_if_not_provided + selfsigned_create_subject_key_identifier: + description: + - Whether to create the Subject Key Identifier (SKI) from the public key. + - A value of V(create_if_not_provided) (default) only creates a SKI when the CSR does not + provide one. + - A value of V(always_create) always creates a SKI. If the CSR provides one, that one is + ignored. + - A value of V(never_create) never creates a SKI. If the CSR provides one, that one is used. + - This is only used by the V(selfsigned) provider. + - Note that this is only supported if the C(cryptography) backend is used! + type: str + choices: [create_if_not_provided, always_create, never_create] + default: create_if_not_provided '''