Fix typos and FQCN (#669)

* Fix typos.

* Use FQCNs in examples.

CHANGELOG.rst

@@ -387,7 +387,7 @@ Minor Changes
 -------------
 
 - Prepare collection for inclusion in an Execution Environment by declaring its dependencies. Please note that system packages are used for cryptography and PyOpenSSL, which can be rather limited. If you need features from newer cryptography versions, you will have to manually force a newer version to be installed by pip by specifying something like ``cryptography >= 37.0.0`` in your Execution Environment's Python dependencies file (https://github.com/ansible-collections/community.crypto/pull/440).
-- Support automatic conversion for Internalionalized Domain Names (IDNs). When passing general names, for example Subject Altenative Names to ``community.crypto.openssl_csr``, these will automatically be converted to IDNA. Conversion will be done per label to IDNA2008 if possible, and IDNA2003 if IDNA2008 conversion fails for that label. Note that IDNA conversion requires `the Python idna library <https://pypi.org/project/idna/>`_ to be installed. Please note that depending on which versions of the cryptography library are used, it could try to process the converted IDNA another time with the Python ``idna`` library and reject IDNA2003 encoded values. Using a new enough ``cryptography`` version avoids this (https://github.com/ansible-collections/community.crypto/issues/426, https://github.com/ansible-collections/community.crypto/pull/436).
+- Support automatic conversion for Internalionalized Domain Names (IDNs). When passing general names, for example Subject Alternative Names to ``community.crypto.openssl_csr``, these will automatically be converted to IDNA. Conversion will be done per label to IDNA2008 if possible, and IDNA2003 if IDNA2008 conversion fails for that label. Note that IDNA conversion requires `the Python idna library <https://pypi.org/project/idna/>`_ to be installed. Please note that depending on which versions of the cryptography library are used, it could try to process the converted IDNA another time with the Python ``idna`` library and reject IDNA2003 encoded values. Using a new enough ``cryptography`` version avoids this (https://github.com/ansible-collections/community.crypto/issues/426, https://github.com/ansible-collections/community.crypto/pull/436).
 - acme_* modules - add parameter ``request_timeout`` to manage HTTP(S) request timeout (https://github.com/ansible-collections/community.crypto/issues/447, https://github.com/ansible-collections/community.crypto/pull/448).
 - luks_devices - added ``perf_same_cpu_crypt``, ``perf_submit_from_crypt_cpus``, ``perf_no_read_workqueue``, ``perf_no_write_workqueue`` for performance tuning when opening LUKS2 containers (https://github.com/ansible-collections/community.crypto/issues/427).
 - luks_devices - added ``persistent`` option when opening LUKS2 containers (https://github.com/ansible-collections/community.crypto/pull/434).
@@ -726,20 +726,20 @@ Minor Changes
 - openssh_keypair - added ``passphrase`` parameter for encrypting/decrypting OpenSSH private keys (https://github.com/ansible-collections/community.crypto/pull/225).
 - openssl_csr - add diff mode (https://github.com/ansible-collections/community.crypto/issues/38, https://github.com/ansible-collections/community.crypto/pull/150).
 - openssl_csr_info - now returns ``public_key_type`` and ``public_key_data`` (https://github.com/ansible-collections/community.crypto/pull/233).
-- openssl_csr_info - refactor module to allow code re-use for diff mode (https://github.com/ansible-collections/community.crypto/pull/204).
+- openssl_csr_info - refactor module to allow code reuse for diff mode (https://github.com/ansible-collections/community.crypto/pull/204).
 - openssl_csr_pipe - add diff mode (https://github.com/ansible-collections/community.crypto/issues/38, https://github.com/ansible-collections/community.crypto/pull/150).
 - openssl_pkcs12 - added option ``select_crypto_backend`` and a ``cryptography`` backend. This requires cryptography 3.0 or newer, and does not support the ``iter_size`` and ``maciter_size`` options (https://github.com/ansible-collections/community.crypto/pull/234).
 - openssl_privatekey - add diff mode (https://github.com/ansible-collections/community.crypto/issues/38, https://github.com/ansible-collections/community.crypto/pull/150).
-- openssl_privatekey_info - refactor module to allow code re-use for diff mode (https://github.com/ansible-collections/community.crypto/pull/205).
+- openssl_privatekey_info - refactor module to allow code reuse for diff mode (https://github.com/ansible-collections/community.crypto/pull/205).
 - openssl_privatekey_pipe - add diff mode (https://github.com/ansible-collections/community.crypto/issues/38, https://github.com/ansible-collections/community.crypto/pull/150).
 - openssl_publickey - add diff mode (https://github.com/ansible-collections/community.crypto/issues/38, https://github.com/ansible-collections/community.crypto/pull/150).
 - x509_certificate - add diff mode (https://github.com/ansible-collections/community.crypto/issues/38, https://github.com/ansible-collections/community.crypto/pull/150).
 - x509_certificate_info - now returns ``public_key_type`` and ``public_key_data`` (https://github.com/ansible-collections/community.crypto/pull/233).
-- x509_certificate_info - refactor module to allow code re-use for diff mode (https://github.com/ansible-collections/community.crypto/pull/206).
+- x509_certificate_info - refactor module to allow code reuse for diff mode (https://github.com/ansible-collections/community.crypto/pull/206).
 - x509_certificate_pipe - add diff mode (https://github.com/ansible-collections/community.crypto/issues/38, https://github.com/ansible-collections/community.crypto/pull/150).
 - x509_crl - add diff mode (https://github.com/ansible-collections/community.crypto/issues/38, https://github.com/ansible-collections/community.crypto/pull/150).
 - x509_crl_info - add ``list_revoked_certificates`` option to avoid enumerating all revoked certificates (https://github.com/ansible-collections/community.crypto/pull/232).
-- x509_crl_info - refactor module to allow code re-use for diff mode (https://github.com/ansible-collections/community.crypto/pull/203).
+- x509_crl_info - refactor module to allow code reuse for diff mode (https://github.com/ansible-collections/community.crypto/pull/203).
 
 Bugfixes
 --------
@@ -867,11 +867,11 @@ Minor Changes
 -------------
 
 - openssh_cert - add module parameter ``use_agent`` to enable using signing keys stored in ssh-agent (https://github.com/ansible-collections/community.crypto/issues/116).
-- openssl_csr - refactor module to allow code re-use by openssl_csr_pipe (https://github.com/ansible-collections/community.crypto/pull/123).
+- openssl_csr - refactor module to allow code reuse by openssl_csr_pipe (https://github.com/ansible-collections/community.crypto/pull/123).
-- openssl_privatekey - refactor module to allow code re-use by openssl_privatekey_pipe (https://github.com/ansible-collections/community.crypto/pull/119).
+- openssl_privatekey - refactor module to allow code reuse by openssl_privatekey_pipe (https://github.com/ansible-collections/community.crypto/pull/119).
 - openssl_privatekey - the elliptic curve ``secp192r1`` now triggers a security warning. Elliptic curves of at least 224 bits should be used for new keys; see `here <https://cryptography.io/en/latest/hazmat/primitives/asymmetric/ec.html#elliptic-curves>`_ (https://github.com/ansible-collections/community.crypto/pull/132).
 - x509_certificate - for the ``selfsigned`` provider, a CSR is not required anymore. If no CSR is provided, the module behaves as if a minimal CSR which only contains the public key has been provided (https://github.com/ansible-collections/community.crypto/issues/32, https://github.com/ansible-collections/community.crypto/pull/129).
-- x509_certificate - refactor module to allow code re-use by x509_certificate_pipe (https://github.com/ansible-collections/community.crypto/pull/135).
+- x509_certificate - refactor module to allow code reuse by x509_certificate_pipe (https://github.com/ansible-collections/community.crypto/pull/135).
 
 Bugfixes
 --------
@@ -984,7 +984,7 @@ Minor Changes
 - openssh_keypair - instead of regenerating some broken or password protected keys, fail the module. Keys can still be regenerated by calling the module with ``force=yes``.
 - openssh_keypair - the ``regenerate`` option allows to configure the module's behavior when it should or needs to regenerate private keys.
 - openssl_* modules - the cryptography backend now properly supports ``dirName``, ``otherName`` and ``RID`` (Registered ID) names.
-- openssl_certificate - Add option for changing which ACME directory to use with acme-tiny. Set the default ACME directory to Let's Encrypt instead of using acme-tiny's default. (acme-tiny also uses Let's Encrypt at the time being, so no action should be neccessary.)
+- openssl_certificate - Add option for changing which ACME directory to use with acme-tiny. Set the default ACME directory to Let's Encrypt instead of using acme-tiny's default. (acme-tiny also uses Let's Encrypt at the time being, so no action should be necessary.)
 - openssl_certificate - Change the required version of acme-tiny to >= 4.0.0
 - openssl_certificate - allow to provide content of some input files via the ``csr_content``, ``privatekey_content``, ``ownca_privatekey_content`` and ``ownca_content`` options.
 - openssl_certificate - allow to return the existing/generated certificate directly as ``certificate`` by setting ``return_content`` to ``yes``.

changelogs/changelog.yaml

@@ -56,7 +56,7 @@ releases:
       - openssl_certificate - Add option for changing which ACME directory to use
         with acme-tiny. Set the default ACME directory to Let's Encrypt instead of
         using acme-tiny's default. (acme-tiny also uses Let's Encrypt at the time
-        being, so no action should be neccessary.)
+        being, so no action should be necessary.)
       - openssl_certificate - Change the required version of acme-tiny to >= 4.0.0
       - openssl_certificate - allow to provide content of some input files via the
         ``csr_content``, ``privatekey_content``, ``ownca_privatekey_content`` and
@@ -247,8 +247,8 @@ releases:
       minor_changes:
       - openssh_cert - add module parameter ``use_agent`` to enable using signing
         keys stored in ssh-agent (https://github.com/ansible-collections/community.crypto/issues/116).
-      - openssl_csr - refactor module to allow code re-use by openssl_csr_pipe (https://github.com/ansible-collections/community.crypto/pull/123).
+      - openssl_csr - refactor module to allow code reuse by openssl_csr_pipe (https://github.com/ansible-collections/community.crypto/pull/123).
-      - openssl_privatekey - refactor module to allow code re-use by openssl_privatekey_pipe
+      - openssl_privatekey - refactor module to allow code reuse by openssl_privatekey_pipe
         (https://github.com/ansible-collections/community.crypto/pull/119).
       - openssl_privatekey - the elliptic curve ``secp192r1`` now triggers a security
         warning. Elliptic curves of at least 224 bits should be used for new keys;
@@ -258,7 +258,7 @@ releases:
         anymore. If no CSR is provided, the module behaves as if a minimal CSR which
         only contains the public key has been provided (https://github.com/ansible-collections/community.crypto/issues/32,
         https://github.com/ansible-collections/community.crypto/pull/129).
-      - x509_certificate - refactor module to allow code re-use by x509_certificate_pipe
+      - x509_certificate - refactor module to allow code reuse by x509_certificate_pipe
         (https://github.com/ansible-collections/community.crypto/pull/135).
       release_summary: 'Contains new modules ``openssl_privatekey_pipe``, ``openssl_csr_pipe``
         and ``x509_certificate_pipe`` which allow to create or update private keys,
@@ -419,7 +419,7 @@ releases:
         https://github.com/ansible-collections/community.crypto/pull/150).
       - openssl_csr_info - now returns ``public_key_type`` and ``public_key_data``
         (https://github.com/ansible-collections/community.crypto/pull/233).
-      - openssl_csr_info - refactor module to allow code re-use for diff mode (https://github.com/ansible-collections/community.crypto/pull/204).
+      - openssl_csr_info - refactor module to allow code reuse for diff mode (https://github.com/ansible-collections/community.crypto/pull/204).
       - openssl_csr_pipe - add diff mode (https://github.com/ansible-collections/community.crypto/issues/38,
         https://github.com/ansible-collections/community.crypto/pull/150).
       - openssl_pkcs12 - added option ``select_crypto_backend`` and a ``cryptography``
@@ -427,7 +427,7 @@ releases:
         ``iter_size`` and ``maciter_size`` options (https://github.com/ansible-collections/community.crypto/pull/234).
       - openssl_privatekey - add diff mode (https://github.com/ansible-collections/community.crypto/issues/38,
         https://github.com/ansible-collections/community.crypto/pull/150).
-      - openssl_privatekey_info - refactor module to allow code re-use for diff mode
+      - openssl_privatekey_info - refactor module to allow code reuse for diff mode
         (https://github.com/ansible-collections/community.crypto/pull/205).
       - openssl_privatekey_pipe - add diff mode (https://github.com/ansible-collections/community.crypto/issues/38,
         https://github.com/ansible-collections/community.crypto/pull/150).
@@ -437,7 +437,7 @@ releases:
         https://github.com/ansible-collections/community.crypto/pull/150).
       - x509_certificate_info - now returns ``public_key_type`` and ``public_key_data``
         (https://github.com/ansible-collections/community.crypto/pull/233).
-      - x509_certificate_info - refactor module to allow code re-use for diff mode
+      - x509_certificate_info - refactor module to allow code reuse for diff mode
         (https://github.com/ansible-collections/community.crypto/pull/206).
       - x509_certificate_pipe - add diff mode (https://github.com/ansible-collections/community.crypto/issues/38,
         https://github.com/ansible-collections/community.crypto/pull/150).
@@ -445,7 +445,7 @@ releases:
         https://github.com/ansible-collections/community.crypto/pull/150).
       - x509_crl_info - add ``list_revoked_certificates`` option to avoid enumerating
         all revoked certificates (https://github.com/ansible-collections/community.crypto/pull/232).
-      - x509_crl_info - refactor module to allow code re-use for diff mode (https://github.com/ansible-collections/community.crypto/pull/203).
+      - x509_crl_info - refactor module to allow code reuse for diff mode (https://github.com/ansible-collections/community.crypto/pull/203).
       release_summary: Regular feature and bugfix release.
     fragments:
     - 1.7.0.yml
@@ -1023,7 +1023,7 @@ releases:
         be installed by pip by specifying something like ``cryptography >= 37.0.0``
         in your Execution Environment's Python dependencies file (https://github.com/ansible-collections/community.crypto/pull/440).
       - Support automatic conversion for Internalionalized Domain Names (IDNs). When
-        passing general names, for example Subject Altenative Names to ``community.crypto.openssl_csr``,
+        passing general names, for example Subject Alternative Names to ``community.crypto.openssl_csr``,
         these will automatically be converted to IDNA. Conversion will be done per
         label to IDNA2008 if possible, and IDNA2003 if IDNA2008 conversion fails for
         that label. Note that IDNA conversion requires `the Python idna library <https://pypi.org/project/idna/>`_

plugins/module_utils/crypto/cryptography_support.py

@@ -114,7 +114,7 @@ def cryptography_get_extensions_from_cert(cert):
     try:
         # Since cryptography will not give us the DER value for an extension
         # (that is only stored for unrecognized extensions), we have to re-do
-        # the extension parsing outselves.
+        # the extension parsing ourselves.
         backend = default_backend()
         try:
             # For certain old versions of cryptography, backend is a MultiBackend object,
@@ -166,7 +166,7 @@ def cryptography_get_extensions_from_csr(csr):
     try:
         # Since cryptography will not give us the DER value for an extension
         # (that is only stored for unrecognized extensions), we have to re-do
-        # the extension parsing outselves.
+        # the extension parsing ourselves.
         backend = default_backend()
         try:
             # For certain old versions of cryptography, backend is a MultiBackend object,

plugins/module_utils/crypto/module_backends/privatekey_convert.py

@@ -106,7 +106,7 @@ class PrivateKeyConvertBackend:
 
     @abc.abstractmethod
     def _load_private_key(self, data, passphrase, current_hint=None):
-        """Check whether data cna be loaded as a private key with the provided passphrase. Return tuple (type, private_key)."""
+        """Check whether data can be loaded as a private key with the provided passphrase. Return tuple (type, private_key)."""
         pass
 
     def needs_conversion(self):

plugins/modules/acme_certificate.py

@@ -305,9 +305,10 @@ EXAMPLES = r'''
   register: sample_com_challenge
 
 # Alternative first step:
-- name: Create a challenge for sample.com using a account key from hashi vault.
+- name: Create a challenge for sample.com using a account key from Hashi Vault.
   community.crypto.acme_certificate:
-    account_key_content: "{{ lookup('hashi_vault', 'secret=secret/account_private_key:value') }}"
+    account_key_content: >-
+      {{ lookup('community.hashi_vault.hashi_vault', 'secret=secret/account_private_key:value') }}
     csr: /etc/pki/cert/csr/sample.com.csr
     fullchain_dest: /etc/httpd/ssl/sample.com-fullchain.crt
   register: sample_com_challenge

plugins/modules/certificate_complete_chain.py

@@ -78,7 +78,7 @@ EXAMPLES = '''
 # certificates, finds the associated root certificate.
 - name: Find root certificate
   community.crypto.certificate_complete_chain:
-    input_chain: "{{ lookup('file', '/etc/ssl/csr/www.ansible.com-fullchain.pem') }}"
+    input_chain: "{{ lookup('ansible.builtin.file', '/etc/ssl/csr/www.ansible.com-fullchain.pem') }}"
     root_certificates:
     - /etc/ca-certificates/
   register: www_ansible_com
@@ -91,7 +91,7 @@ EXAMPLES = '''
 # certificates, finds the associated root certificate.
 - name: Find root certificate
   community.crypto.certificate_complete_chain:
-    input_chain: "{{ lookup('file', '/etc/ssl/csr/www.ansible.com.pem') }}"
+    input_chain: "{{ lookup('ansible.builtin.file', '/etc/ssl/csr/www.ansible.com.pem') }}"
     intermediate_certificates:
     - /etc/ssl/csr/www.ansible.com-chain.pem
     root_certificates:

plugins/modules/ecs_certificate.py

@@ -96,7 +96,7 @@ options:
               obtained using O(request_type).
             - If O(request_type=renew), a renewal will fail if the certificate being renewed has been issued within the past 30 days, so do not set a
               O(remaining_days) value that is within 30 days of the full lifetime of the certificate being acted upon.
-            - For exmaple, if you are requesting Certificates with a 90 day lifetime, do not set O(remaining_days) to a value V(60) or higher).
+            - For example, if you are requesting Certificates with a 90 day lifetime, do not set O(remaining_days) to a value V(60) or higher).
             - The O(force) option may be used to ensure that a new certificate is always obtained.
         type: int
         default: 30

plugins/modules/openssl_csr_pipe.py

@@ -58,7 +58,7 @@ EXAMPLES = r'''
 
 - name: Generate an OpenSSL Certificate Signing Request with an inline CSR
   community.crypto.openssl_csr:
-    content: "{{ lookup('file', '/etc/ssl/csr/www.ansible.com.csr') }}"
+    content: "{{ lookup('ansible.builtin.file', '/etc/ssl/csr/www.ansible.com.csr') }}"
     privatekey_content: "{{ private_key_content }}"
     common_name: www.ansible.com
   register: result

plugins/modules/openssl_dhparam.py

@@ -193,7 +193,7 @@ class DHParameterBase(object):
         """Generate DH params."""
         changed = False
 
-        # ony generate when necessary
+        # only generate when necessary
         if self.force or not self._check_params_valid(module):
             self._do_generate(module)
             changed = True

plugins/modules/x509_certificate_info.py

@@ -52,7 +52,7 @@ options:
         description:
             - A dict of names mapping to time specifications. Every time specified here
               will be checked whether the certificate is valid at this point. See the
-              RV(valid_at) return value for informations on the result.
+              RV(valid_at) return value for information on the result.
             - Time can be specified either as relative time or as absolute timestamp.
             - Time will always be interpreted as UTC.
             - Valid format is C([+-]timespec | ASN.1 TIME) where timespec can be an integer

plugins/modules/x509_certificate_pipe.py

@@ -71,8 +71,8 @@ EXAMPLES = r'''
 - name: (1/2) Generate an OpenSSL Certificate with the CSR provided inline
   community.crypto.x509_certificate_pipe:
     provider: ownca
-    content: "{{ lookup('file', '/etc/ssl/csr/www.ansible.com.crt') }}"
+    content: "{{ lookup('ansible.builtin.file', '/etc/ssl/csr/www.ansible.com.crt') }}"
-    csr_content: "{{ lookup('file', '/etc/ssl/csr/www.ansible.com.csr') }}"
+    csr_content: "{{ lookup('ansible.builtin.file', '/etc/ssl/csr/www.ansible.com.csr') }}"
     ownca_cert: /path/to/ca_cert.crt
     ownca_privatekey: /path/to/ca_cert.key
     ownca_privatekey_passphrase: hunter2

tests/integration/targets/acme_challenge_cert_helper/tasks/main.yml

@@ -9,7 +9,7 @@
 ####################################################################
 
 - block:
-  - name: Generate ECC256 accoun keys
+  - name: Generate ECC256 account keys
     openssl_privatekey:
       path: "{{ remote_tmp_dir }}/account-ec256.pem"
       type: ECC

tests/integration/targets/openssh_cert/tests/idempotency.yml

@@ -31,7 +31,7 @@
         valid_to: forever
         check_mode: true
         changed: true
-      - test_name: Generate cert - force option (idemopotent, check mode)
+      - test_name: Generate cert - force option (idempotent, check mode)
         force: true
         type: user
         valid_from: always

tests/integration/targets/openssl_privatekey/tests/validate.yml

@@ -74,7 +74,7 @@
   shell: "{{ openssl_binary }} rsa -noout -text -in {{ remote_tmp_dir }}/privatekey5.pem -passin pass:ansible  | grep Private | sed 's/\\(RSA *\\)*Private-Key: (\\(.*\\) bit.*)/\\2/'"
   register: privatekey5
   # Current version of OS/X that runs in the CI (10.11) does not have an up to date version of the OpenSSL library
-  # leading to this test to fail when run in the CI. However, this test has been run for 10.12 and has returned succesfully.
+  # leading to this test to fail when run in the CI. However, this test has been run for 10.12 and has returned successfully.
   when: openssl_version.stdout is version('0.9.8zh', '>=')
 
 - name: "({{ select_crypto_backend }}) Validate privatekey5 (assert - Passphrase protected key + idempotence)"

tests/integration/targets/x509_certificate/tests/validate_ownca.yml

@@ -15,7 +15,7 @@
   shell: '{{ openssl_binary }} x509 -noout  -in {{ remote_tmp_dir}}/ownca_cert.pem -text | grep "Issuer" | sed "s/.*: \(.*\)/\1/g"'
   register: ownca_cert_issuer
 
-- name: (OwnCA validation, {{select_crypto_backend}}) Validate ownca certificate (test - ownca certficate version == default == 3)
+- name: (OwnCA validation, {{select_crypto_backend}}) Validate ownca certificate (test - ownca certificate version == default == 3)
   shell: '{{ openssl_binary }} x509 -noout  -in {{ remote_tmp_dir}}/ownca_cert.pem -text | grep "Version" | sed "s/.*: \(.*\) .*/\1/g"'
   register: ownca_cert_version
 

tests/integration/targets/x509_certificate/tests/validate_selfsigned.yml

@@ -18,7 +18,7 @@
   shell: '{{ openssl_binary }} x509 -noout -modulus -in {{ remote_tmp_dir }}/cert_no_csr.pem'
   register: cert_modulus
 
-- name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate with no CSR (test - certficate version == default == 3)
+- name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate with no CSR (test - certificate version == default == 3)
   shell: '{{ openssl_binary }} x509 -noout  -in {{ remote_tmp_dir}}/cert_no_csr.pem -text | grep "Version" | sed "s/.*: \(.*\) .*/\1/g"'
   register: cert_version
 
@@ -55,7 +55,7 @@
   register: cert_issuer
 
 
-- name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate (test - certficate version == default == 3)
+- name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate (test - certificate version == default == 3)
   shell: '{{ openssl_binary }} x509 -noout  -in {{ remote_tmp_dir}}/cert.pem -text | grep "Version" | sed "s/.*: \(.*\) .*/\1/g"'
   register: cert_version