Fix doc fragments indents.

pull/833/head
Felix Fontein 2024-12-29 15:47:51 +01:00
parent ddbcf49868
commit 37af200ecb
2 changed files with 292 additions and 292 deletions

View File

@ -24,25 +24,25 @@ attributes:
INFO_MODULE = r''' INFO_MODULE = r'''
options: {} options: {}
attributes: attributes:
check_mode: check_mode:
support: full support: full
details: details:
- This action does not modify state. - This action does not modify state.
diff_mode: diff_mode:
support: N/A support: N/A
details: details:
- This action does not modify state. - This action does not modify state.
''' '''
ACTIONGROUP_ACME = r''' ACTIONGROUP_ACME = r'''
options: {} options: {}
attributes: attributes:
action_group: action_group:
description: Use C(group/acme) or C(group/community.crypto.acme) in C(module_defaults) to set defaults for this module. description: Use C(group/acme) or C(group/community.crypto.acme) in C(module_defaults) to set defaults for this module.
support: full support: full
membership: membership:
- community.crypto.acme - community.crypto.acme
- acme - acme
''' '''
FACTS = r""" FACTS = r"""
@ -56,16 +56,16 @@ attributes:
FACTS_MODULE = r''' FACTS_MODULE = r'''
options: {} options: {}
attributes: attributes:
check_mode: check_mode:
support: full support: full
details: details:
- This action does not modify state. - This action does not modify state.
diff_mode: diff_mode:
support: N/A support: N/A
details: details:
- This action does not modify state. - This action does not modify state.
facts: facts:
support: full support: full
''' '''
FILES = r""" FILES = r"""

View File

@ -88,316 +88,316 @@ seealso:
BACKEND_ACME_DOCUMENTATION = r''' BACKEND_ACME_DOCUMENTATION = r'''
description: description:
- This module allows one to (re)generate OpenSSL certificates. - This module allows one to (re)generate OpenSSL certificates.
requirements: requirements:
- acme-tiny >= 4.0.0 (if using the V(acme) provider) - acme-tiny >= 4.0.0 (if using the V(acme) provider)
options: options:
acme_accountkey_path: acme_accountkey_path:
description: description:
- The path to the accountkey for the V(acme) provider. - The path to the accountkey for the V(acme) provider.
- This is only used by the V(acme) provider. - This is only used by the V(acme) provider.
type: path type: path
acme_challenge_path: acme_challenge_path:
description: description:
- The path to the ACME challenge directory that is served on U(http://<HOST>:80/.well-known/acme-challenge/) - The path to the ACME challenge directory that is served on U(http://<HOST>:80/.well-known/acme-challenge/)
- This is only used by the V(acme) provider. - This is only used by the V(acme) provider.
type: path type: path
acme_chain: acme_chain:
description: description:
- Include the intermediate certificate to the generated certificate - Include the intermediate certificate to the generated certificate
- This is only used by the V(acme) provider. - This is only used by the V(acme) provider.
- Note that this is only available for older versions of C(acme-tiny). - Note that this is only available for older versions of C(acme-tiny).
New versions include the chain automatically, and setting O(acme_chain) to V(true) results in an error. New versions include the chain automatically, and setting O(acme_chain) to V(true) results in an error.
type: bool type: bool
default: false default: false
acme_directory: acme_directory:
description: description:
- "The ACME directory to use. You can use any directory that supports the ACME protocol, such as Buypass or Let's Encrypt." - "The ACME directory to use. You can use any directory that supports the ACME protocol, such as Buypass or Let's Encrypt."
- "Let's Encrypt recommends using their staging server while developing jobs. U(https://letsencrypt.org/docs/staging-environment/)." - "Let's Encrypt recommends using their staging server while developing jobs. U(https://letsencrypt.org/docs/staging-environment/)."
type: str type: str
default: https://acme-v02.api.letsencrypt.org/directory default: https://acme-v02.api.letsencrypt.org/directory
''' '''
BACKEND_ENTRUST_DOCUMENTATION = r''' BACKEND_ENTRUST_DOCUMENTATION = r'''
options: options:
entrust_cert_type: entrust_cert_type:
description: description:
- Specify the type of certificate requested. - Specify the type of certificate requested.
- This is only used by the V(entrust) provider. - This is only used by the V(entrust) provider.
type: str type: str
default: STANDARD_SSL default: STANDARD_SSL
choices: [ 'STANDARD_SSL', 'ADVANTAGE_SSL', 'UC_SSL', 'EV_SSL', 'WILDCARD_SSL', 'PRIVATE_SSL', 'PD_SSL', 'CDS_ENT_LITE', 'CDS_ENT_PRO', 'SMIME_ENT' ] choices: [STANDARD_SSL, ADVANTAGE_SSL, UC_SSL, EV_SSL, WILDCARD_SSL, PRIVATE_SSL, PD_SSL, CDS_ENT_LITE, CDS_ENT_PRO, SMIME_ENT]
entrust_requester_email: entrust_requester_email:
description: description:
- The email of the requester of the certificate (for tracking purposes). - The email of the requester of the certificate (for tracking purposes).
- This is only used by the V(entrust) provider. - This is only used by the V(entrust) provider.
- This is required if the provider is V(entrust). - This is required if the provider is V(entrust).
type: str type: str
entrust_requester_name: entrust_requester_name:
description: description:
- The name of the requester of the certificate (for tracking purposes). - The name of the requester of the certificate (for tracking purposes).
- This is only used by the V(entrust) provider. - This is only used by the V(entrust) provider.
- This is required if the provider is V(entrust). - This is required if the provider is V(entrust).
type: str type: str
entrust_requester_phone: entrust_requester_phone:
description: description:
- The phone number of the requester of the certificate (for tracking purposes). - The phone number of the requester of the certificate (for tracking purposes).
- This is only used by the V(entrust) provider. - This is only used by the V(entrust) provider.
- This is required if the provider is V(entrust). - This is required if the provider is V(entrust).
type: str type: str
entrust_api_user: entrust_api_user:
description: description:
- The username for authentication to the Entrust Certificate Services (ECS) API. - The username for authentication to the Entrust Certificate Services (ECS) API.
- This is only used by the V(entrust) provider. - This is only used by the V(entrust) provider.
- This is required if the provider is V(entrust). - This is required if the provider is V(entrust).
type: str type: str
entrust_api_key: entrust_api_key:
description: description:
- The key (password) for authentication to the Entrust Certificate Services (ECS) API. - The key (password) for authentication to the Entrust Certificate Services (ECS) API.
- This is only used by the V(entrust) provider. - This is only used by the V(entrust) provider.
- This is required if the provider is V(entrust). - This is required if the provider is V(entrust).
type: str type: str
entrust_api_client_cert_path: entrust_api_client_cert_path:
description: description:
- The path to the client certificate used to authenticate to the Entrust Certificate Services (ECS) API. - The path to the client certificate used to authenticate to the Entrust Certificate Services (ECS) API.
- This is only used by the V(entrust) provider. - This is only used by the V(entrust) provider.
- This is required if the provider is V(entrust). - This is required if the provider is V(entrust).
type: path type: path
entrust_api_client_cert_key_path: entrust_api_client_cert_key_path:
description: description:
- The path to the private key of the client certificate used to authenticate to the Entrust Certificate Services (ECS) API. - The path to the private key of the client certificate used to authenticate to the Entrust Certificate Services (ECS) API.
- This is only used by the V(entrust) provider. - This is only used by the V(entrust) provider.
- This is required if the provider is V(entrust). - This is required if the provider is V(entrust).
type: path type: path
entrust_not_after: entrust_not_after:
description: description:
- The point in time at which the certificate stops being valid. - The point in time at which the certificate stops being valid.
- Time can be specified either as relative time or as an absolute timestamp. - Time can be specified either as relative time or as an absolute timestamp.
- A valid absolute time format is C(ASN.1 TIME) such as V(2019-06-18). - A valid absolute time format is C(ASN.1 TIME) such as V(2019-06-18).
- A valid relative time format is V([+-]timespec) where timespec can be an integer + C([w | d | h | m | s]), such as V(+365d) or V(+32w1d2h)). - A valid relative time format is V([+-]timespec) where timespec can be an integer + C([w | d | h | m | s]), such as V(+365d) or V(+32w1d2h)).
- Time will always be interpreted as UTC. - Time will always be interpreted as UTC.
- Note that only the date (day, month, year) is supported for specifying the expiry date of the issued certificate. - Note that only the date (day, month, year) is supported for specifying the expiry date of the issued certificate.
- The full date-time is adjusted to EST (GMT -5:00) before issuance, which may result in a certificate with an expiration date one day - The full date-time is adjusted to EST (GMT -5:00) before issuance, which may result in a certificate with an expiration date one day
earlier than expected if a relative time is used. earlier than expected if a relative time is used.
- The minimum certificate lifetime is 90 days, and maximum is three years. - The minimum certificate lifetime is 90 days, and maximum is three years.
- If this value is not specified, the certificate will stop being valid 365 days the date of issue. - If this value is not specified, the certificate will stop being valid 365 days the date of issue.
- This is only used by the V(entrust) provider. - This is only used by the V(entrust) provider.
- Please note that this value is B(not) covered by the O(ignore_timestamps) option. - Please note that this value is B(not) covered by the O(ignore_timestamps) option.
type: str type: str
default: +365d default: +365d
entrust_api_specification_path: entrust_api_specification_path:
description: description:
- The path to the specification file defining the Entrust Certificate Services (ECS) API configuration. - The path to the specification file defining the Entrust Certificate Services (ECS) API configuration.
- You can use this to keep a local copy of the specification to avoid downloading it every time the module is used. - You can use this to keep a local copy of the specification to avoid downloading it every time the module is used.
- This is only used by the V(entrust) provider. - This is only used by the V(entrust) provider.
type: path type: path
default: https://cloud.entrust.net/EntrustCloud/documentation/cms-api-2.1.0.yaml default: https://cloud.entrust.net/EntrustCloud/documentation/cms-api-2.1.0.yaml
''' '''
BACKEND_OWNCA_DOCUMENTATION = r''' BACKEND_OWNCA_DOCUMENTATION = r'''
description: description:
- The V(ownca) provider is intended for generating an OpenSSL certificate signed with your own - The V(ownca) provider is intended for generating an OpenSSL certificate signed with your own
CA (Certificate Authority) certificate (self-signed certificate). CA (Certificate Authority) certificate (self-signed certificate).
options: options:
ownca_path: ownca_path:
description: description:
- Remote absolute path of the CA (Certificate Authority) certificate. - Remote absolute path of the CA (Certificate Authority) certificate.
- This is only used by the V(ownca) provider. - This is only used by the V(ownca) provider.
- This is mutually exclusive with O(ownca_content). - This is mutually exclusive with O(ownca_content).
type: path type: path
ownca_content: ownca_content:
description: description:
- Content of the CA (Certificate Authority) certificate. - Content of the CA (Certificate Authority) certificate.
- This is only used by the V(ownca) provider. - This is only used by the V(ownca) provider.
- This is mutually exclusive with O(ownca_path). - This is mutually exclusive with O(ownca_path).
type: str type: str
ownca_privatekey_path: ownca_privatekey_path:
description: description:
- Path to the CA (Certificate Authority) private key to use when signing the certificate. - Path to the CA (Certificate Authority) private key to use when signing the certificate.
- This is only used by the V(ownca) provider. - This is only used by the V(ownca) provider.
- This is mutually exclusive with O(ownca_privatekey_content). - This is mutually exclusive with O(ownca_privatekey_content).
type: path type: path
ownca_privatekey_content: ownca_privatekey_content:
description: description:
- Content of the CA (Certificate Authority) private key to use when signing the certificate. - Content of the CA (Certificate Authority) private key to use when signing the certificate.
- This is only used by the V(ownca) provider. - This is only used by the V(ownca) provider.
- This is mutually exclusive with O(ownca_privatekey_path). - This is mutually exclusive with O(ownca_privatekey_path).
type: str type: str
ownca_privatekey_passphrase: ownca_privatekey_passphrase:
description: description:
- The passphrase for the O(ownca_privatekey_path) resp. O(ownca_privatekey_content). - The passphrase for the O(ownca_privatekey_path) resp. O(ownca_privatekey_content).
- This is only used by the V(ownca) provider. - This is only used by the V(ownca) provider.
type: str type: str
ownca_digest: ownca_digest:
description: description:
- The digest algorithm to be used for the V(ownca) certificate. - The digest algorithm to be used for the V(ownca) certificate.
- This is only used by the V(ownca) provider. - This is only used by the V(ownca) provider.
type: str type: str
default: sha256 default: sha256
ownca_version: ownca_version:
description: description:
- The version of the V(ownca) certificate. - The version of the V(ownca) certificate.
- Nowadays it should almost always be V(3). - Nowadays it should almost always be V(3).
- This is only used by the V(ownca) provider. - This is only used by the V(ownca) provider.
type: int type: int
default: 3 default: 3
ownca_not_before: ownca_not_before:
description: description:
- The point in time the certificate is valid from. - The point in time the certificate is valid from.
- Time can be specified either as relative time or as absolute timestamp. - Time can be specified either as relative time or as absolute timestamp.
- Time will always be interpreted as UTC. - Time will always be interpreted as UTC.
- Valid format is C([+-]timespec | ASN.1 TIME) where timespec can be an integer - Valid format is C([+-]timespec | ASN.1 TIME) where timespec can be an integer
+ C([w | d | h | m | s]) (for example V(+32w1d2h)). + C([w | d | h | m | s]) (for example V(+32w1d2h)).
- If this value is not specified, the certificate will start being valid from now. - If this value is not specified, the certificate will start being valid from now.
- Note that this value is B(not used to determine whether an existing certificate should be regenerated). - Note that this value is B(not used to determine whether an existing certificate should be regenerated).
This can be changed by setting the O(ignore_timestamps) option to V(false). Please note that you should This can be changed by setting the O(ignore_timestamps) option to V(false). Please note that you should
avoid relative timestamps when setting O(ignore_timestamps=false). avoid relative timestamps when setting O(ignore_timestamps=false).
- This is only used by the V(ownca) provider. - This is only used by the V(ownca) provider.
type: str type: str
default: +0s default: +0s
ownca_not_after: ownca_not_after:
description: description:
- The point in time at which the certificate stops being valid. - The point in time at which the certificate stops being valid.
- Time can be specified either as relative time or as absolute timestamp. - Time can be specified either as relative time or as absolute timestamp.
- Time will always be interpreted as UTC. - Time will always be interpreted as UTC.
- Valid format is C([+-]timespec | ASN.1 TIME) where timespec can be an integer - Valid format is C([+-]timespec | ASN.1 TIME) where timespec can be an integer
+ C([w | d | h | m | s]) (for example V(+32w1d2h)). + C([w | d | h | m | s]) (for example V(+32w1d2h)).
- If this value is not specified, the certificate will stop being valid 10 years from now. - If this value is not specified, the certificate will stop being valid 10 years from now.
- Note that this value is B(not used to determine whether an existing certificate should be regenerated). - Note that this value is B(not used to determine whether an existing certificate should be regenerated).
This can be changed by setting the O(ignore_timestamps) option to V(false). Please note that you should This can be changed by setting the O(ignore_timestamps) option to V(false). Please note that you should
avoid relative timestamps when setting O(ignore_timestamps=false). avoid relative timestamps when setting O(ignore_timestamps=false).
- This is only used by the V(ownca) provider. - This is only used by the V(ownca) provider.
- On macOS 10.15 and onwards, TLS server certificates must have a validity period of 825 days or fewer. - On macOS 10.15 and onwards, TLS server certificates must have a validity period of 825 days or fewer.
Please see U(https://support.apple.com/en-us/HT210176) for more details. Please see U(https://support.apple.com/en-us/HT210176) for more details.
type: str type: str
default: +3650d default: +3650d
ownca_create_subject_key_identifier: ownca_create_subject_key_identifier:
description: description:
- Whether to create the Subject Key Identifier (SKI) from the public key. - Whether to create the Subject Key Identifier (SKI) from the public key.
- A value of V(create_if_not_provided) (default) only creates a SKI when the CSR does not - A value of V(create_if_not_provided) (default) only creates a SKI when the CSR does not
provide one. provide one.
- A value of V(always_create) always creates a SKI. If the CSR provides one, that one is - A value of V(always_create) always creates a SKI. If the CSR provides one, that one is
ignored. ignored.
- A value of V(never_create) never creates a SKI. If the CSR provides one, that one is used. - A value of V(never_create) never creates a SKI. If the CSR provides one, that one is used.
- This is only used by the V(ownca) provider. - This is only used by the V(ownca) provider.
- Note that this is only supported if the C(cryptography) backend is used! - Note that this is only supported if the C(cryptography) backend is used!
type: str type: str
choices: [create_if_not_provided, always_create, never_create] choices: [create_if_not_provided, always_create, never_create]
default: create_if_not_provided default: create_if_not_provided
ownca_create_authority_key_identifier: ownca_create_authority_key_identifier:
description: description:
- Create a Authority Key Identifier from the CA's certificate. If the CSR provided - Create a Authority Key Identifier from the CA's certificate. If the CSR provided
a authority key identifier, it is ignored. a authority key identifier, it is ignored.
- The Authority Key Identifier is generated from the CA certificate's Subject Key Identifier, - The Authority Key Identifier is generated from the CA certificate's Subject Key Identifier,
if available. If it is not available, the CA certificate's public key will be used. if available. If it is not available, the CA certificate's public key will be used.
- This is only used by the V(ownca) provider. - This is only used by the V(ownca) provider.
- Note that this is only supported if the C(cryptography) backend is used! - Note that this is only supported if the C(cryptography) backend is used!
type: bool type: bool
default: true default: true
''' '''
BACKEND_SELFSIGNED_DOCUMENTATION = r''' BACKEND_SELFSIGNED_DOCUMENTATION = r'''
notes: notes:
- For the V(selfsigned) provider, O(csr_path) and O(csr_content) are optional. If not provided, a - For the V(selfsigned) provider, O(csr_path) and O(csr_content) are optional. If not provided, a
certificate without any information (Subject, Subject Alternative Names, Key Usage, etc.) is created. certificate without any information (Subject, Subject Alternative Names, Key Usage, etc.) is created.
options: options:
# NOTE: descriptions in options are overwritten, not appended. For that reason, the texts provided # NOTE: descriptions in options are overwritten, not appended. For that reason, the texts provided
# here for csr_path and csr_content are not visible to the user. That's why this information is # here for csr_path and csr_content are not visible to the user. That's why this information is
# added to the notes (see above). # added to the notes (see above).
# csr_path: # csr_path:
# description: # description:
# - This is optional for the V(selfsigned) provider. If not provided, a certificate # - This is optional for the V(selfsigned) provider. If not provided, a certificate
# without any information (Subject, Subject Alternative Names, Key Usage, etc.) is # without any information (Subject, Subject Alternative Names, Key Usage, etc.) is
# created. # created.
# csr_content: # csr_content:
# description: # description:
# - This is optional for the V(selfsigned) provider. If not provided, a certificate # - This is optional for the V(selfsigned) provider. If not provided, a certificate
# without any information (Subject, Subject Alternative Names, Key Usage, etc.) is # without any information (Subject, Subject Alternative Names, Key Usage, etc.) is
# created. # created.
selfsigned_version: selfsigned_version:
description: description:
- Version of the V(selfsigned) certificate. - Version of the V(selfsigned) certificate.
- Nowadays it should almost always be V(3). - Nowadays it should almost always be V(3).
- This is only used by the V(selfsigned) provider. - This is only used by the V(selfsigned) provider.
type: int type: int
default: 3 default: 3
selfsigned_digest: selfsigned_digest:
description: description:
- Digest algorithm to be used when self-signing the certificate. - Digest algorithm to be used when self-signing the certificate.
- This is only used by the V(selfsigned) provider. - This is only used by the V(selfsigned) provider.
type: str type: str
default: sha256 default: sha256
selfsigned_not_before: selfsigned_not_before:
description: description:
- The point in time the certificate is valid from. - The point in time the certificate is valid from.
- Time can be specified either as relative time or as absolute timestamp. - Time can be specified either as relative time or as absolute timestamp.
- Time will always be interpreted as UTC. - Time will always be interpreted as UTC.
- Valid format is C([+-]timespec | ASN.1 TIME) where timespec can be an integer - Valid format is C([+-]timespec | ASN.1 TIME) where timespec can be an integer
+ C([w | d | h | m | s]) (for example V(+32w1d2h)). + C([w | d | h | m | s]) (for example V(+32w1d2h)).
- If this value is not specified, the certificate will start being valid from now. - If this value is not specified, the certificate will start being valid from now.
- Note that this value is B(not used to determine whether an existing certificate should be regenerated). - Note that this value is B(not used to determine whether an existing certificate should be regenerated).
This can be changed by setting the O(ignore_timestamps) option to V(false). Please note that you should This can be changed by setting the O(ignore_timestamps) option to V(false). Please note that you should
avoid relative timestamps when setting O(ignore_timestamps=false). avoid relative timestamps when setting O(ignore_timestamps=false).
- This is only used by the V(selfsigned) provider. - This is only used by the V(selfsigned) provider.
type: str type: str
default: +0s default: +0s
aliases: [ selfsigned_notBefore ] aliases: [ selfsigned_notBefore ]
selfsigned_not_after: selfsigned_not_after:
description: description:
- The point in time at which the certificate stops being valid. - The point in time at which the certificate stops being valid.
- Time can be specified either as relative time or as absolute timestamp. - Time can be specified either as relative time or as absolute timestamp.
- Time will always be interpreted as UTC. - Time will always be interpreted as UTC.
- Valid format is C([+-]timespec | ASN.1 TIME) where timespec can be an integer - Valid format is C([+-]timespec | ASN.1 TIME) where timespec can be an integer
+ C([w | d | h | m | s]) (for example V(+32w1d2h)). + C([w | d | h | m | s]) (for example V(+32w1d2h)).
- If this value is not specified, the certificate will stop being valid 10 years from now. - If this value is not specified, the certificate will stop being valid 10 years from now.
- Note that this value is B(not used to determine whether an existing certificate should be regenerated). - Note that this value is B(not used to determine whether an existing certificate should be regenerated).
This can be changed by setting the O(ignore_timestamps) option to V(false). Please note that you should This can be changed by setting the O(ignore_timestamps) option to V(false). Please note that you should
avoid relative timestamps when setting O(ignore_timestamps=false). avoid relative timestamps when setting O(ignore_timestamps=false).
- This is only used by the V(selfsigned) provider. - This is only used by the V(selfsigned) provider.
- On macOS 10.15 and onwards, TLS server certificates must have a validity period of 825 days or fewer. - On macOS 10.15 and onwards, TLS server certificates must have a validity period of 825 days or fewer.
Please see U(https://support.apple.com/en-us/HT210176) for more details. Please see U(https://support.apple.com/en-us/HT210176) for more details.
type: str type: str
default: +3650d default: +3650d
aliases: [ selfsigned_notAfter ] aliases: [ selfsigned_notAfter ]
selfsigned_create_subject_key_identifier: selfsigned_create_subject_key_identifier:
description: description:
- Whether to create the Subject Key Identifier (SKI) from the public key. - Whether to create the Subject Key Identifier (SKI) from the public key.
- A value of V(create_if_not_provided) (default) only creates a SKI when the CSR does not - A value of V(create_if_not_provided) (default) only creates a SKI when the CSR does not
provide one. provide one.
- A value of V(always_create) always creates a SKI. If the CSR provides one, that one is - A value of V(always_create) always creates a SKI. If the CSR provides one, that one is
ignored. ignored.
- A value of V(never_create) never creates a SKI. If the CSR provides one, that one is used. - A value of V(never_create) never creates a SKI. If the CSR provides one, that one is used.
- This is only used by the V(selfsigned) provider. - This is only used by the V(selfsigned) provider.
- Note that this is only supported if the C(cryptography) backend is used! - Note that this is only supported if the C(cryptography) backend is used!
type: str type: str
choices: [create_if_not_provided, always_create, never_create] choices: [create_if_not_provided, always_create, never_create]
default: create_if_not_provided default: create_if_not_provided
''' '''